Mike Tancsa wrote:

At 11:26 AM 17/02/2006, Kövesdán Gábor wrote:

Mike Tancsa wrote:

As for tutorials, google around and read through various posts.  There
is lots of good info out there.  Perhaps if you describe what you want
to do, people can make specific suggestions.

        ---Mike


Unfortunately, I haven't found a good howto. The situation is the following:



freebsd ipsec tutorial

in google comes up with a number of starting points including

http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html




This project will be some kind of SMS service. The serv will connect to the SMS server and get the received SMSes, but the connection to the SMS server is only allowed via VPN. Here are two IP addresses, one of them is the VPN peer's address. I have to set up a VPN connection to this host with 3DES SHA IPsec and a DH pre-shared key. The other IP address is the SMS server's address, but that is only accessible via VPN.



First, you need to show what your policy is.

The typical setup described is

internalNet_A----externalIP_A-------internet-----externalIP_B----internalNet_B

Where internalNet_A needs to talk to internalNet_B in a safe and secure way.


So, identify what those parts of the policy are.

Put it in a shell script like

#!/bin/sh
# Traffic selectors (inner addresses) and tunnel endpoints (outer/gateway addresses)
Bsubnet=172.24.0.17/29
BexternalIP=80.244.96.229
Asubnet=192.168.2.186/32
AexternalIP=80.98.231.227

# Flush existing SAs and policies before installing the new policy
setkey -F
setkey -FP

# The tunnel endpoints are the external gateway addresses, not the subnets
/usr/sbin/setkey -c <<EOF1
spdadd $Asubnet $Bsubnet any -P out ipsec esp/tunnel/$AexternalIP-$BexternalIP/unique;
spdadd $Bsubnet $Asubnet any -P in ipsec esp/tunnel/$BexternalIP-$AexternalIP/unique;
EOF1

This sets up the policy.

Type
setkey -DP

It will show you the installed policies. Once you try and send some traffic across with PhaseI and PhaseII negotiated, you will see the associations with
setkey -D




I've installed ipsec-tools and tried to configure it, but I can't start racoon and I get a configuration file parse error. I couldn't find out which line is wrong. I just got this:
racoon: failed to parse configuration file.


IPSEC Tools is fussy about where the config is. It's saying it can't find the config.
Try racoon -d -f /usr/local/etc/racoon/racoon.conf


Also, make sure your sainfo config matches your policies, otherwise it will hit the anonymous config. For your initial setup, try it with an anonymous config for now and then work on getting only a specific config.
e.g.
sainfo address 172.24.0.17/29 any address 192.168.2.186/24 any

Thanks, it seems to be okay now, racoon is running, and I see TCP packets going out via the VPN, but ICMP host unreachable packets are coming from the VPN peer. I think there's some problem with the routing here, I started a new thread about this.

Thanks in advance,

Gabor Kovesdan
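As an added example (not code from the thread or from ipsec-tools), the following POSIX shell script derives both the setkey SPD entries and the matching racoon sainfo stanza from one set of variables, written for the side that runs the script (host A, whose traffic is the "out" direction), so the policy and the sainfo selectors cannot drift apart and silently fall through to "sainfo anonymous". The addresses are the ones quoted above; the function names and the 3DES/HMAC-SHA1 algorithm lines are assumptions based on the requirement stated in the thread.

```shell
#!/bin/sh
# Added example: build the setkey policy and the racoon sainfo from the same
# variables. Addresses are those quoted in the thread; helper names are assumed.

A_SUBNET=192.168.2.186/32   # local (host A) traffic selector
A_EXT=80.98.231.227         # host A tunnel endpoint (outer address)
B_SUBNET=172.24.0.17/29     # VPN peer's inner network (host B)
B_EXT=80.244.96.229         # VPN peer tunnel endpoint (outer address)

# A tunnel endpoint must be a single address; a prefix such as 172.24.0.17/29
# in that position is the mistake the thread's original script contained.
is_host_addr() {
    case "$1" in
        */*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Print the setkey -c input for an ESP tunnel between the two gateways.
# Arguments: local_subnet remote_subnet local_endpoint remote_endpoint
spd_policy() {
    a_sub=$1 b_sub=$2 a_ext=$3 b_ext=$4
    is_host_addr "$a_ext" && is_host_addr "$b_ext" || {
        echo "tunnel endpoints must be host addresses: $a_ext $b_ext" >&2
        return 1
    }
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/unique;\n' \
        "$a_sub" "$b_sub" "$a_ext" "$b_ext"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/unique;\n' \
        "$b_sub" "$a_sub" "$b_ext" "$a_ext"
}

# Print the racoon sainfo whose selectors equal the SPD selectors above
# (local selector first, as racoon expects on the initiating side).
# Arguments: local_subnet remote_subnet
sainfo_stanza() {
    a_sub=$1 b_sub=$2
    printf 'sainfo address %s any address %s any {\n' "$a_sub" "$b_sub"
    printf '\tencryption_algorithm 3des;\n'
    printf '\tauthentication_algorithm hmac_sha1;\n'
    printf '\tcompression_algorithm deflate;\n'
    printf '}\n'
}

# Typical use on host A (not executed here):
#   spd_policy "$A_SUBNET" "$B_SUBNET" "$A_EXT" "$B_EXT" | setkey -c
#   sainfo_stanza "$A_SUBNET" "$B_SUBNET" >> /usr/local/etc/racoon/racoon.conf
#   setkey -DP   # confirm the installed policy before testing traffic
```

Running the two functions on the same variables and checking `setkey -DP` afterwards gives a policy and a sainfo that match by construction, which is the condition Mike describes for racoon to pick the specific sainfo rather than the anonymous one.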
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions