Date: Tue, 12 Dec 2006 10:27:55 +1100
From: "Sam Wun" <smw2010@gmail.com>
To: freebsd-net@freebsd.org
Subject: Adding a new VPN connection
Message-ID: <ff64092b0612111527k21c73729gb618767ba119a522@mail.gmail.com>

Hi,

In a FreeBSD router (5.4-stable), there are currently 50 IPSEC VPN connections running with 50 remote sites. Now I need to add one more (new) VPN to it without resetting the existing VPN connection. Therefore I have created a script (new-vpn.sh):

#!/bin/sh
# Tunnel to kgportsmith
/sbin/ifconfig gif108 destroy
/sbin/ifconfig gif108 create
/sbin/ifconfig gif108 tunnel 10.152.34.74 10.154.3.74
/sbin/ifconfig gif108 inet 10.1.1.1 10.1.1.33 netmask 255.255.255.0
/sbin/route delete 10.1.33.1/24
/sbin/route delete 172.17.33.0/24
/sbin/route add 10.1.33.1/24 10.1.1.33
/sbin/route add 172.17.33.0/24 10.1.1.33

setkey -c << EOF
# Setup policies with kgportsmith
spdadd 10.152.34.74 10.154.3.74 any -P out ipsec esp/tunnel/10.152.34.74-10.154.3.74/require ;
spdadd 10.154.3.74 10.152.34.74 any -P in ipsec esp/tunnel/10.154.3.74-10.152.34.74/require ;
add 10.152.34.74 10.154.3.74 esp 2797 -m tunnel
    -E blowfish-cbc 0x11205611340CCEA4C816670A4A8DD2A67403F46A08169850DC0B8E2989C3C2094CEF174297ECCF39644B6C4E28D5A3BD4C0861DD7094E398
    -A hmac-sha1 0x2C49F538BAF74917311382F7EE42CC43FBDBDA4B ;
add 10.154.3.74 10.152.34.74 esp 4074 -m tunnel
    -E blowfish-cbc 0x82A7C78A8C1F8B0DF8EE75F4BEEA5A26D987C6237D43ED98EF3E2A18D2B7F2C94674E1E4B1FAFE645CCB2C18603646E20EB925B06AEC4F6B
    -A hmac-sha1 0xCE1D85113D11D43C061E499CFFECCD81D50A3530 ;
EOF
### END OF SCRIPT ###

Will this script (especially the command setkey -c) erase (reset) the existing VPN connection and security keys? If it does, I will lose the connection with all other sites.

Thanks
S

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ff64092b0612111527k21c73729gb618767ba119a522>
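
A pre-flight check for the kind of setkey input shown in the message above, as an added example that is not part of the original message: it lists the setkey(8) directives that remove entries from the SAD or SPD (flush, spdflush, delete, deleteall, spddelete), so a command file can be confirmed to be purely additive before it is loaded. The function names, the use of setkey -f with a file instead of the here-document, and the sample input (documentation addresses, placeholder keys) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a setkey(8) command file.
# Assumes ';'-terminated statements and no '#' inside quoted keys.

# Print "LINE: directive" for every statement that removes SAD/SPD entries.
setkey_removals() {
    awk '{
        sub(/#.*/, "")                      # drop comments
        n = split($0, stmt, ";")            # several statements may share a line
        for (i = 1; i <= n; i++) {
            split(stmt[i], w, " ")          # w[1] is the directive, if any
            if (w[1] ~ /^(flush|spdflush|delete|deleteall|spddelete)$/)
                printf "%d: %s\n", NR, w[1]
        }
    }' "$1"
}

# Succeed only when the file contains no removing directive.
setkey_is_additive() {
    [ -z "$(setkey_removals "$1")" ]
}

# Load the file with setkey -f only if it is purely additive (hypothetical wrapper).
load_if_additive() {
    if setkey_is_additive "$1"; then
        setkey -f "$1"
    else
        echo "refusing to load $1; removing directives found:" >&2
        setkey_removals "$1" >&2
        return 1
    fi
}

# Constructed sample input, checked here but never loaded into the kernel.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# flush ;   (commented out, ignored)
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require ;
add 192.0.2.1 192.0.2.2 esp 1000 -m tunnel -E blowfish-cbc "PLACEHOLDER-KEY" -A hmac-sha1 "PLACEHOLDER-AUTH-KEY-20" ;
spdflush ; flush ;
EOF
setkey_removals "$sample"      # prints "4: spdflush" and "4: flush"
rm -f "$sample"
```

Comparing the output of setkey -D and setkey -DP before and after loading gives an independent confirmation that existing entries were left in place.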