Date: Fri, 12 Apr 2013 07:48:17 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Eugene Grosbein <egrosbein@rdtc.ru>
Cc: freebsd-net <freebsd-net@freebsd.org>, Karl Denninger <karl@denninger.net>
Subject: Re: IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Message-ID: <CAHu1Y70fBcERiVHaQUL=Ga71W%2BO-pShMGP0jZ4B43EwyEXm85w@mail.gmail.com>
In-Reply-To: <51679B54.2060908@rdtc.ru>
References: <516739C9.4080902@denninger.net> <51679B54.2060908@rdtc.ru>

On Thu, Apr 11, 2013 at 10:27 PM, Eugene Grosbein <egrosbein@rdtc.ru> wrote:

> 12.04.2013 05:31, Karl Denninger wrote:
>> Is there a "cookbook" for setting this up? There are examples for
>> setting up a tunnel between two fixed-address networks (e.g. a remote
>> LAN that needs to be "integrated" with a central LAN over IPSec but I
>> can't find anything addressing the other situation -- remote user(s)
>> where the connecting IPs are not known in advance, such as a person with
>> a laptop or smartphone in a random hotel.

> You'll need to install the port security/ipsec-tools for IKE protocol support.
> This port contains racoon daemon, here is sample racoon.conf:

You may need something not in the GENERIC kernel on the server side

options IPSEC_NAT_T

and if you're supporting OS X clients with L2TP, you'll want to install
mpd5 from the ports. And patch racoon to use a single shared secret across
users.

Howto set up a L2TP/IPsec VPN Dial-In Server
http://forums.freebsd.org/showthread.php?t=26755

- M