Date: Thu, 10 Jan 2002 19:15:41 +0100
From: "Dennis Pedersen" <mlists@daydreamer.dk>
To: <freebsd-security@freebsd.org>
Subject: FreeBSD and racoon (2offices + single computer = how?)
Message-ID: <022201c19a02$d1130020$0301a8c0@dpws>
Hi!

I have been fooling around a little with Racoon between two FreeBSD 4.4 boxes in tunnel mode (http://www.onlamp.com/pub/a/bsd/2001/12/10/ipsec.html) and this works fine. The idea was that these two boxes should be used to make an encrypted tunnel; this works fine, but I also need some end computers connected to office 1 too. I have some idea about how to set this up, but the KAME project's documentation doesn't have that many examples, so I need some advice on a few points.

I realise that I need some kind of setkey policy for the end users, but after searching google.com for similar setups I get the impression that if one racoon box has two sets of setkey policies then it gets kind of confused?! Anyway, I was thinking of something like this for my end users:

    spdadd A[3389] 0.0.0.0/0 tcp -P out ipsec ah/transport//require;
    spdadd 0.0.0.0/0 A[3389] tcp -P in ipsec ah/transport//require;

Will this work if I simply add this to my setkey file along with the setkey policy for the tunnel?

And finally, what about if I need to run racoon on the same box as I have ipfw with a "deny any from any to any" at the end? I understand that I need to allow SPI and ESP (ipfw add allow SPI/ESP from any to any?).

Regards
Dennis
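The setup asked about above, as an added example that is not part of the original post or of the KAME/racoon documentation: a small generator script for the setkey security policy database (SPD) on the office 1 gateway, the mirror policy for one end computer, and the ipfw rules that have to sit in front of a final deny rule. All addresses, the port and the rule numbers are constructed placeholders. ESP is used instead of the AH in the question because the stated goal is an encrypted path (AH only authenticates); the tunnel policy is written in the same spdadd syntax as the onlamp article referenced in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the setkey SPD for an
# office-to-office tunnel plus per-host transport-mode policies, and the ipfw
# rules needed so IKE, ESP and AH reach racoon and the kernel. All addresses
# below are constructed placeholders (RFC 5737 documentation ranges).
GW_A="203.0.113.1"       # office 1 gateway (runs racoon + ipfw)
GW_B="198.51.100.1"      # office 2 gateway
NET_A="192.168.1.0/24"   # office 1 LAN behind GW_A
NET_B="192.168.2.0/24"   # office 2 LAN behind GW_B
HOST_C="192.0.2.10"      # a single end computer that talks to GW_A directly
PORT=3389

# SPD for GW_A. setkey accepts any number of spdadd entries: the tunnel
# policy for LAN-to-LAN traffic and the transport policy for one end
# computer are scoped to different addresses, so they coexist without
# overlapping. ("#" lines are comments to setkey as well.)
gateway_spd() {
  cat <<EOF
flush;
spdflush;
# office 1 <-> office 2, carried inside the ESP tunnel between the gateways
spdadd $NET_A $NET_B any -P out ipsec esp/tunnel/$GW_A-$GW_B/require;
spdadd $NET_B $NET_A any -P in ipsec esp/tunnel/$GW_B-$GW_A/require;
# end computer <-> GW_A on TCP port $PORT, transport mode (no tunnel needed)
spdadd $GW_A[$PORT] $HOST_C tcp -P out ipsec esp/transport//require;
spdadd $HOST_C $GW_A[$PORT] tcp -P in ipsec esp/transport//require;
EOF
}

# Mirror policy for the end computer itself; it also runs racoon + setkey.
host_spd() {
  cat <<EOF
flush;
spdflush;
spdadd $HOST_C $GW_A[$PORT] tcp -P out ipsec esp/transport//require;
spdadd $GW_A[$PORT] $HOST_C tcp -P in ipsec esp/transport//require;
EOF
}

# ipfw rules to place before the closing "deny ip from any to any":
# IKE for racoon on UDP 500, then the ESP and AH protocols themselves
# (ipfw resolves "esp" and "ah" to protocol numbers 50 and 51).
ipfw_ipsec_rules() {
  cat <<EOF
ipfw add 1000 allow udp from any 500 to $GW_A 500
ipfw add 1010 allow udp from $GW_A 500 to any 500
ipfw add 1020 allow esp from any to any
ipfw add 1030 allow ah from any to any
EOF
}

gateway_spd
host_spd
ipfw_ipsec_rules
```

Apply the policy with `gateway_spd | setkey -c` on the gateway and `host_spd | setkey -c` on the end computer, and feed `ipfw_ipsec_rules` to `sh`. Two practical points: racoon needs matching peer and key entries for both GW_B and HOST_C in racoon.conf, and after the kernel decapsulates a tunnel packet the inner LAN-to-LAN packet passes through ipfw again as plaintext, so NET_A/NET_B traffic also needs to be allowed ahead of the final deny.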