Openbsd-ipsec-gif

From WTFwiki
Revision as of 21:47, 4 January 2013 by Jontow (talk | contribs) (2 revisions)

Background

  • Please see IPSEC-Racoon for background.
  • There are very few differences from that setup; they are annotated here.


Remote Settings

  • You will be able to mirror the settings laid out in IPSEC-Racoon except for a handful of things.
  • Encryption Algorithm should be aes.
  • The SPDs use the same format as for racoon.


Config Files

ipsec.conf

  • This actually is a one-liner:
 ike esp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY psk "MYPRESHAREDKEY"


Execution

  • To run, try this:
 # isakmpd -K -v -D A=80
 # ipsecctl -f /etc/ipsec.conf
  • Make sure your firewall isn't blocking the traffic.

Handy Scripts

Here are some handy scripts that use the isakmpd FIFO to tear down and connect tunnels, in case you need to force it to happen. For each of these, the "name" is by default the public IP of the remote end.

/usr/local/sbin/ipsec-teardown

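#!/bin/sh
# Tear down the named connection through the isakmpd control FIFO.
if [ "x${1}" = "x" ]; then
        echo "Usage: ${0} <name>"
        exit 1
fi
# "quick" removes the phase 2 SA, "main" removes the phase 1 SA.
echo "t quick ${1}" >> /var/run/isakmpd.fifo
echo "t main ${1}" >> /var/run/isakmpd.fifo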

/usr/local/sbin/ipsec-connect

#!/bin/sh
# Start the named connection through the isakmpd control FIFO.
if [ "x${1}" = "x" ]; then
        echo "Usage: ${0} <name>"
        exit 1
fi
echo "c ${1}" >> /var/run/isakmpd.fifo
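
A more defensive take on the two scripts above, combined into one. This is an added example, not part of the original page. It rejects names containing whitespace or newlines (which would reach the FIFO as extra command lines) and refuses to write unless the path is a FIFO, since a plain ">>" on a missing path creates a regular file there. The script name ipsec-ctl, the function names and the FIFO variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). The FIFO path is the one the
# page's scripts use; the FIFO variable and all names below are assumptions.
FIFO="/var/run/isakmpd.fifo"

# Accept only characters found in IP addresses and simple connection tags.
# Empty names and names with spaces or newlines are rejected, so a name can
# never add a second command line to what is written to the FIFO.
valid_name() {
        case "$1" in
                ''|*[!A-Za-z0-9.:_-]*) return 1 ;;
        esac
        return 0
}

# Write each argument as one command line, in a single open of the FIFO.
# Refuse if the path is not a FIFO, so no regular file is created by mistake.
fifo_send() {
        if [ ! -p "$FIFO" ]; then
                echo "ipsec-ctl: $FIFO is not a FIFO (is isakmpd running?)" >&2
                return 1
        fi
        printf '%s\n' "$@" >> "$FIFO"
}

# ipsec_ctl connect|teardown <name>
ipsec_ctl() {
        if [ "$#" -ne 2 ] || ! valid_name "$2"; then
                echo "Usage: ipsec-ctl connect|teardown <name>" >&2
                return 2
        fi
        case "$1" in
                connect)  fifo_send "c $2" ;;
                # Phase 2 first, then phase 1, as in the teardown script above.
                teardown) fifo_send "t quick $2" "t main $2" ;;
                *)        echo "Usage: ipsec-ctl connect|teardown <name>" >&2
                          return 2 ;;
        esac
}

# Run as a script: ipsec-ctl teardown 192.0.2.10 (constructed address).
[ "$#" -eq 0 ] || ipsec_ctl "$@"
```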