Difference between revisions of "IPSEC-Racoon"
(initial commit of the ipsec/racoon howto)
Revision as of 12:22, 20 August 2006
Theory
To set this up, we're going to use gif(4) to set up a regular [unencrypted] IPv4-IPv4 tunnel from
one host to another; nothing that special, but still quite neat. This way we don't have to worry
about IP negotiations etc.; it's less interoperable but MUCH nicer to deal with if both of your
endpoints support gif(4).
Once the tunnel is up, we can begin securing it before we use it.
Requirements
- On both FreeBSD and NetBSD, you'll probably have to rebuild your kernel to include a few options: "IPSEC", "IPSEC_ESP", "IPSEC_DEBUG", and "IPSEC_FILTERGIF" would be helpful. I'd also add some firewalling abilities, and don't forget "device gif".
- On FreeBSD, you'll probably have to install 'ipsec-tools' from 'ports/security/ipsec-tools'.
Host A
- For clarity, this is a FreeBSD 6.1-STABLE machine.
- External Address/Mask: 1.2.3.4/32
- Internal Address/Mask: 10.10.10.0/24
Host B
- For clarity, this is a NetBSD 2.1_STABLE machine.
- External Address/Mask: 5.6.7.8/32
- Internal Address/Mask: 192.168.20.0/24
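The unencrypted gif(4) tunnel from the Theory section, written out for both hosts as an added example (not part of the original howto). The interface name gif0 and the inner endpoint addresses 10.10.10.1 and 192.168.20.1 are assumptions; the page gives only the two internal /24 networks.

```shell
#!/bin/sh
# Added example: bring up the plain gif(4) tunnel between Host A and Host B.
# Assumptions (not on the page): interface name gif0, and 10.10.10.1 /
# 192.168.20.1 as each gateway's address inside its internal /24.

DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands, 0 = run them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gif_up LOCAL_EXT REMOTE_EXT LOCAL_INT REMOTE_INT
# No route to the remote LAN is added here: until the IPsec policy is loaded
# the tunnel is cleartext, so nothing should be forwarded through it yet.
gif_up() {
    [ $# -eq 4 ] || { echo "usage: gif_up local_ext remote_ext local_int remote_int" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    run ifconfig gif0 create &&
    run ifconfig gif0 tunnel "$1" "$2" &&
    run ifconfig gif0 inet "$3" "$4" netmask 255.255.255.255
}

host_a() { gif_up 1.2.3.4 5.6.7.8 10.10.10.1 192.168.20.1; }   # FreeBSD side
host_b() { gif_up 5.6.7.8 1.2.3.4 192.168.20.1 10.10.10.1; }   # NetBSD side

# Run as "sh script a" on Host A or "sh script b" on Host B.
case ${1:-} in
    a) host_a ;;
    b) host_b ;;
esac
```

With the default DRY_RUN=1 the script only prints the three ifconfig commands for the chosen host; set DRY_RUN=0 as root to apply them.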
Reference Material
A few resources I used to learn this the first time.