Difference between revisions of "Changing an IPSEC endpoint's IP address"
m (4 revisions) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
# Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to. | # Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to. | ||
# Edit /etc/pf.conf and update vpn-clients table with the new IP. | # Edit /etc/pf.conf and update vpn-clients table with the new IP. | ||
− | # Destroy gif(4) tunnel and recreate | + | # Destroy gif(4) tunnel and recreate (see note at bottom) |
− | # Edit /etc/rc. | + | # Edit /etc/rc.local and synchronize changes with what happens there. |
# Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf' | # Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf' | ||
# Restart racoon: '/usr/local/etc/rc.d/racoon restart' | # Restart racoon: '/usr/local/etc/rc.d/racoon restart' | ||
# Watch logfile: 'tail -f /var/log/security' | # Watch logfile: 'tail -f /var/log/security' | ||
+ | |||
+ | |||
+ | # ifconfig gif0 down delete | ||
+ | # ifconfig gif0 destroy | ||
+ | # ifconfig gif0 create | ||
+ | # ifconfig gif0 inet AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB netmask 0xffffffff | ||
+ | # ifconfig gif0 tunnel XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY up |
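Review bot: the five ifconfig lines added at the end start with "# ", the same marker the step lines above use for list items, so it is unclear whether they are a root prompt or further numbered steps. They also carry no heading or intro sentence, although step "Destroy gif(4) tunnel and recreate (see note at bottom)" now points at them. Suggest marking them as a preformatted block under a short "Note" label, and saying that AAA/BBB in `ifconfig gif0 inet` are the inner local and remote addresses of the tunnel interface while XXX/YYY in `ifconfig gif0 tunnel` are the outer local and remote endpoint addresses, so the reader can see which pair the changed endpoint IP goes into.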
Latest revision as of 21:47, 4 January 2013
- Edit /usr/local/etc/racoon/ipsec.conf and change the IP in the SPD lines that are relevant.
- Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to.
- Edit /etc/pf.conf and update vpn-clients table with the new IP.
- Destroy gif(4) tunnel and recreate (see note at bottom)
- Edit /etc/rc.local and synchronize changes with what happens there.
- Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf'
- Restart racoon: '/usr/local/etc/rc.d/racoon restart'
- Watch logfile: 'tail -f /var/log/security'
Note on destroying and recreating the gif(4) tunnel (run as root):

    # ifconfig gif0 down delete
    # ifconfig gif0 destroy
    # ifconfig gif0 create
    # ifconfig gif0 inet AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB netmask 0xffffffff
    # ifconfig gif0 tunnel XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY up
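A check to run after the edits, added here as an example and not part of the original wiki page: it reports any non-comment line in the four files named in the steps that still contains the old endpoint IP, so a stale pf table entry or pre-shared-key binding is caught before racoon is restarted. The function name `stale_refs` is hypothetical, and the sample addresses are constructed values from the documentation ranges.

```shell
#!/bin/sh
# Added example: find leftover references to the old endpoint IP.
# The default file list is taken from the steps on this page.
FILES="/usr/local/etc/racoon/ipsec.conf /usr/local/etc/racoon/psk.conf /etc/pf.conf /etc/rc.local"

# stale_refs OLD_IP [FILE...]
# Prints "file:line:text" for each non-comment line containing OLD_IP as a
# whole address (192.0.2.1 does not match 192.0.2.10). Returns 1 if any
# such line exists, 0 if the files are clean.
stale_refs() {
    old_ip=$1; shift
    [ $# -gt 0 ] || set -- $FILES
    # Escape the dots and require a non-address character on both sides.
    pat="(^|[^0-9.])$(printf '%s' "$old_ip" | sed 's/\./\\./g')(\$|[^0-9])"
    found=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "skip (unreadable): $f" >&2; continue; }
        # Drop lines whose first non-blank character is '#'.
        hits=$(grep -nE "$pat" "$f" | grep -vE '^[0-9]+:[[:space:]]*#') || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r l; do
                printf '%s:%s\n' "$f" "$l"
            done
            found=1
        fi
    done
    return $found
}

if [ $# -gt 0 ]; then
    # Real use: sh check.sh OLD_IP   (checks the files listed in FILES)
    stale_refs "$@"
else
    # Demo on a constructed sample: old IP 192.0.2.1, new IP 203.0.113.9.
    demo=$(mktemp)
    printf '%s\n' \
        '# old peer was 192.0.2.1' \
        'spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/198.51.100.7-192.0.2.1/require;' \
        '192.0.2.10 constructed-psk-placeholder' \
        'table <vpn-clients> { 203.0.113.9 }' > "$demo"
    stale_refs 192.0.2.1 "$demo" || echo "stale references remain"
    rm -f "$demo"
fi
```
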