From owner-freebsd-net@FreeBSD.ORG Fri Apr 12 14:48:19 2013
From: Michael Sierchio <kudzu@tenebras.com>
To: Eugene Grosbein
Cc: freebsd-net, Karl Denninger
Date: Fri, 12 Apr 2013 07:48:17 -0700
Subject: Re: IKEv2/IPSEC "Road Warrior" VPN Tunneling?
In-Reply-To: <51679B54.2060908@rdtc.ru>
References: <516739C9.4080902@denninger.net> <51679B54.2060908@rdtc.ru>
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Apr 11, 2013 at 10:27 PM, Eugene Grosbein wrote:
> 12.04.2013 05:31, Karl Denninger writes:
>> Is there a "cookbook" for setting this up? There are examples for
>> setting up a tunnel between two fixed-address networks (e.g. a remote
>> LAN that needs to be "integrated" with a central LAN over IPSec), but I
>> can't find anything addressing the other situation -- remote user(s)
>> where the connecting IPs are not known in advance, such as a person with
>> a laptop or smartphone in a random hotel.
> You'll need to install the port security/ipsec-tools for IKE protocol support.
> This port contains the racoon daemon; here is a sample racoon.conf:

You may need something not in the GENERIC kernel on the server side:

  options IPSEC_NAT_T

and if you're supporting OS X clients with L2TP, you'll want to install mpd5 from the ports. And patch racoon to use a single shared secret across users.

Howto set up a L2TP/IPsec VPN Dial-In Server
http://forums.freebsd.org/showthread.php?t=26755

- M
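As an added illustration of the road-warrior racoon setup the thread is talking about (this is editor-supplied example configuration, not Eugene's sample racoon.conf and not taken from the forum howto linked above): a minimal ipsec-tools racoon.conf that accepts IKEv1 peers from any address, enables NAT traversal so clients behind hotel NAT can reach the server, and has racoon generate the SPD policy for each peer as it connects. The server address 203.0.113.1 and the psk.txt path are assumptions; the pre-shared-key lookup in psk.txt is keyed by the peer's identifier, which is why a road-warrior deployment with one group secret ends up patching racoon or relying on aggressive mode with a fixed identifier, as the reply above implies.

```conf
# Editor-supplied example racoon.conf (ipsec-tools) for IKEv1 road-warrior peers.
# Assumed values: server address 203.0.113.1, PSK file /usr/local/etc/racoon/psk.txt.

path pre_shared_key "/usr/local/etc/racoon/psk.txt";

log notify;

listen {
    # IKE on UDP/500 and the NAT-T port UDP/4500; the latter needs
    # kernel NAT-T support (options IPSEC_NAT_T on FreeBSD of this era).
    isakmp 203.0.113.1 [500];
    isakmp_natt 203.0.113.1 [4500];
}

# "anonymous" matches peers whose address is not known in advance.
remote anonymous {
    exchange_mode main, aggressive;
    passive on;               # server side: never initiate
    proposal_check obey;      # accept the client's lifetime proposal
    nat_traversal on;         # UDP-encapsulate ESP when NAT is detected
    generate_policy on;       # build SPD entries for each connecting peer
    ike_frag on;              # large cert/ID payloads behind lossy NATs
    dpd_delay 20;             # dead-peer detection for clients that vanish
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 parameters offered to any peer (L2TP/IPsec clients use transport mode).
sainfo anonymous {
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 2;
}
```

Two caveats a practitioner would want next to this: with a single group pre-shared key every client can authenticate to the gateway as any other, so the per-user credential in an L2TP/IPsec setup is really the PPP authentication done by mpd5, not IKE; and on FreeBSD 11 and later NAT-T is part of `options IPSEC` and the separate `IPSEC_NAT_T` kernel option no longer exists, so that part of the advice is specific to the 2013-era kernels the thread is about.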