Date:      Fri, 11 Jan 2002 11:54:55 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Wilko Bulte <wkb@freebie.xs4all.nl>
Cc:        robert.thoelen@ieee.org, freebsd-hackers@FreeBSD.ORG
Subject:   Re: IPsec tunnel between FreeBSD and OpenBSD
Message-ID:  <3C3F430F.B031DD6@mindspring.com>
References:  <20020111182049.37178.qmail@web21203.mail.yahoo.com> <3C3F3EE0.A80F5713@mindspring.com> <20020111204544.A30419@freebie.xs4all.nl>

Wilko Bulte wrote:
> > Start with:
> >
> >       "A Quick Guide to Configuring IPsec on OpenBSD v2.9"
> >       Robert Sigillito, Carol Thompson
> >       http://www.daemonnews.org/200111/ipsec.html
> >
> > Once you have the OpenBSD side configured, the FreeBSD
> > should be fairly straightforward (just make changes
> > until it works 8-)), since most of the code is OpenBSD
> > derived.
> 
> But FreeBSD uses racoon (OK, it is a port) iso isakmpd or
> am I missing something?

No, FreeBSD is gratuitously different because of where it
got its ISA/KMP code vs. OpenBSD.

In general, you should only need to manage keys if you are
exchanging them on one server or the other, not both, so my
suggestion would be to keep the keys in the ISA/KMP server
on the OpenBSD box (for which we have example configuration
documentation), and not on the FreeBSD box.

Otherwise, the "just make changes until it works" approach
is a possible tack to take, or you could beat documentation
out of the Racoon people, if you can read Japanese.

You might also want to talk to Evan Oldford, who did a
FreeBSD<->FreeBSD configuration at Whistle/IBM (he works
for a PacketDesign spinoff now; sorry, you will have to
search out his email).  I can tell you that his advice
will probably be to statically configure certificates on
both ends, instead of relying on Racoon (don't know if he
ever got it working between Windows and FreeBSD with the
"preview" version of the IPSec stuff from Microsoft that
I found for him, and which they removed from download
very shortly thereafter).

-- Terry
