Date: Thu, 13 Sep 2001 14:38:39 -0500
From: Paul Root <proot@iaces.com>
To: security@freebsd.org
Subject: IPSEC config
Message-ID: <3BA10B3F.610E6FB3@iaces.com>

Hi,

I'm trying to set up an IPSec tunnel and am having trouble. Both machines are 4.4 RC3 (I think, last week). And when I set it up for a transport between the two machines it works fine, so racoon must be fine.

I'm following the IPsec mini-HOWTO from January 2001 daemonnews.

Here's my config on one end:

#!/bin/sh
# These commands need to be run on acesfbsd to
# connect to lorax, in a IPSEC test
#
# Setup the tunnel device.
gifconfig gif0 10.20.30.4 172.28.56.82
#
# The next 2 lines delete all existing entries
# from the SPD and SAD
setkey -FP
setkey -F
# Add the policy
setkey -c <<EOF
spdadd 10.20.30.0/24 172.28.56.0/23 any -P out ipsec esp/tunnel/10.20.30.4-172.28.56.82/require;
spdadd 172.28.56.0/23 10.20.30.0/24 any -P in ipsec esp/tunnel/172.28.56.82-10.20.30.4/require;
EOF

The man pages on gif and gifconfig are vague to me, but I think I've got it, those are the actual addresses of the boxes, right?

Also, the howto had transport instead of tunnel in the spdadd lines, but the man page suggests tunnel.

I'm sure I'm doing something horribly wrong.

Thanks,
Paul.

-- 
Paul T. Root                    E/Mail: proot@iaces.com
600 Stinson Blvd, Fl 1S         PAG: +1 (877) 693-7155
Minneapolis, MN 55413           WRK: +1 (612) 664-3385
NIC: PTR                        FAX: +1 (612) 664-4779

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
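
Added example, not part of the original message: a small consistency check for a pair of setkey tunnel policies like the two quoted above. It parses the spdadd statements and confirms that the inbound policy mirrors the outbound one, with selectors and tunnel endpoints both swapped. The names parse and check are made up for this illustration, and only the spdadd form shown in the message is handled.

```python
import ipaddress
import re

# The two spdadd statements from the message above, copied as posted.
POLICY = """
spdadd 10.20.30.0/24 172.28.56.0/23 any -P out ipsec esp/tunnel/10.20.30.4-172.28.56.82/require;
spdadd 172.28.56.0/23 10.20.30.0/24 any -P in ipsec esp/tunnel/172.28.56.82-10.20.30.4/require;
"""

# Matches only the statement shape used in the message (hypothetical helper).
SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"(esp|ah)/(tunnel|transport)/([^/\s]*)/(\w+)\s*;")

def parse(text):
    """Return one dict per spdadd statement (statements may span lines)."""
    policies = []
    for m in SPDADD.finditer(text):
        src, dst, _proto, direction, _sec, mode, ends, level = m.groups()
        tun_src, _, tun_dst = ends.partition("-")
        policies.append({
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "dir": direction, "mode": mode, "level": level,
            "tun_src": tun_src, "tun_dst": tun_dst})
    return policies

def check(policies):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    ins = [p for p in policies if p["dir"] == "in"]
    for o in (p for p in policies if p["dir"] == "out"):
        # The inbound selector must be the outbound selector reversed.
        mirror = [i for i in ins if i["src"] == o["dst"] and i["dst"] == o["src"]]
        if not mirror:
            findings.append(f"no inbound policy mirrors {o['src']} -> {o['dst']}")
            continue
        i = mirror[0]
        if o["mode"] != i["mode"]:
            findings.append("mode differs between out and in policy")
        if o["mode"] == "tunnel":
            if not (o["tun_src"] and o["tun_dst"]):
                findings.append("tunnel mode needs src-dst endpoints")
            elif (i["tun_src"], i["tun_dst"]) != (o["tun_dst"], o["tun_src"]):
                findings.append("inbound tunnel endpoints are not the outbound pair reversed")
    return findings
```
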