Date:      Wed, 9 Oct 2019 00:29:38 -0700
From:      Rudy <crapsh@monkeybrains.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: help with setting up IPSEC in FreeBSD 12
Message-ID:  <2bda93a7-2c21-c69e-cc11-00d2c78dea71@monkeybrains.net>
In-Reply-To: <0b60ed6c-30c9-a12a-d608-58b828b44a9a@monkeybrains.net>
References:  <0b60ed6c-30c9-a12a-d608-58b828b44a9a@monkeybrains.net>

OK, I have the ipsec.conf set up.


# Flush the SPD and the SAD
spdflush;
flush;

# Security policies
spdadd 10.1.0.0/24 10.1.87.0/24 any
        -P out ipsec
        esp/tunnel/172.17.40.18-172.17.41.203/require;

spdadd 10.1.87.0/24 10.1.0.0/24 any
        -P in ipsec
        esp/tunnel/172.17.41.203-172.17.40.18/require;


Now I need keys managed.  Do I still need to set up racoon?  It looks 
like a lot of configuration when I just want to simply set up encryption 
on a gif link from a FreeBSD box to a Mikrotik.  Is there an easier way 
to do this in FreeBSD 12?

Rudy





On 10/8/19 11:56 PM, Rudy wrote:
>
> I see an /etc/ipsec.conf in FreeBSD 12 -- how do I set this up?  I 
> have the gif0 all configured, but need help with the IPSEC part.
>
> Is there a solid (modern) how-to on setting up IPSEC on FreeBSD? 
> Examples of creating keys, and configuring would be great.
>
> The handbook talks about racoon and ipsec-tools, but that port has 
> been discontinued.
>   https://www.freebsd.org/doc/en/books/handbook/ipsec.html
> It needs an update.
>
>
> Thanks,
> Rudy



