Difference between revisions of "Openbsd-ipsec-gif"
Latest revision as of 21:47, 4 January 2013
Background
- Please see IPSEC-Racoon for background.
- There are very few differences, which are annotated here.
Remote Settings
- You will be able to mirror the settings laid out in IPSEC-Racoon except for a handful of things.
- Encryption Algorithm should be aes.
- The SPDs use the same format as for racoon.
Config Files
ipsec.conf
- This actually is a one-liner:
ike esp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY psk "MYPRESHAREDKEY"
Execution
- To run, try this:
# isakmpd -K -v -D A=80
# ipsecctl -f /etc/ipsec.conf
- Make sure your firewall isn't blocking the traffic.
Handy Scripts
Here are some handy scripts that use the isakmpd FIFO to tear down and connect tunnels, in case you need to force it to happen. For each of these, the "name" is by default the public IP of the remote end.
/usr/local/sbin/ipsec-teardown
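#!/bin/sh
# Require the connection name as the first argument.
if [ "x${1}" = "x" ]; then
    echo "Usage: ${0} <name>"
    exit 1
fi
# Ask isakmpd, through its FIFO, to tear down the quick and main entries for <name>.
echo "t quick ${1}" >> /var/run/isakmpd.fifo
echo "t main ${1}" >> /var/run/isakmpd.fifo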
/usr/local/sbin/ipsec-connect
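#!/bin/sh
# Require the connection name as the first argument.
if [ "x${1}" = "x" ]; then
    echo "Usage: ${0} <name>"
    exit 1
fi
# Ask isakmpd, through its FIFO, to connect <name>.
echo "c ${1}" >> /var/run/isakmpd.fifo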
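A combined, stricter variant of the two scripts above, as an added example that is not part of the original wiki page: it rejects names that could carry extra command lines into the FIFO and refuses to write when the path is not a FIFO. The `ISAKMPD_FIFO` override, the function names and the allowed character set are assumptions of this example.

```sh
#!/bin/sh
# Added example: one wrapper for the connect/teardown FIFO commands.
# ISAKMPD_FIFO is a hypothetical override used here so the path can be changed.
FIFO="${ISAKMPD_FIFO:-/var/run/isakmpd.fifo}"

# Accept only characters found in IP addresses and simple connection names.
# A space or newline in the name would otherwise reach the FIFO as part of,
# or as an additional, command line for isakmpd.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write the given command lines in a single open of the FIFO, but only if
# the path really is a FIFO. With ">>" a missing FIFO would be silently
# created as a regular file and the command would go nowhere.
fifo_send() {
    if [ ! -p "$FIFO" ]; then
        echo "error: $FIFO is not a FIFO (is isakmpd running?)" >&2
        return 2
    fi
    printf '%s\n' "$@" > "$FIFO"
}

# ipsec_ctl connect|teardown <name>
ipsec_ctl() {
    action="$1"; name="$2"
    valid_name "$name" || { echo "error: invalid name" >&2; return 1; }
    case "$action" in
        connect)  fifo_send "c $name" ;;
        teardown) fifo_send "t quick $name" "t main $name" ;;
        *) echo "Usage: $0 connect|teardown <name>" >&2; return 1 ;;
    esac
}

# Run only when called with arguments, so the file can also be sourced.
if [ $# -gt 0 ]; then ipsec_ctl "$@"; fi
```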