IPSEC-Racoon

From WTFwiki
Revision as of 11:22, 20 August 2006 by Jontow (talk | contribs) (initial commit of the ipsec/racoon howto)

Theory

To set this up, we're going to use gif(4) to set up a regular [unencrypted] IPv4-IPv4 tunnel from one host to another; nothing that special, but still quite neat. This way we don't have to worry about IP negotiations etc.; it's less interoperable, but MUCH nicer to deal with if both of your endpoints support gif(4).


Once the tunnel is up, we can begin securing it before we use it.


Requirements

  • On both FreeBSD and NetBSD, you'll probably have to rebuild your kernel to include a few options: "IPSEC", "IPSEC_ESP", "IPSEC_DEBUG", and "IPSEC_FILTERGIF" would be helpful. I'd also add some firewalling abilities, and don't forget "device gif".
  • On FreeBSD, you'll probably have to install 'ipsec-tools' from 'ports/security/ipsec-tools'.


Host A

  • For clarity, this is a FreeBSD 6.1-STABLE machine.
  • External Address/Mask: 1.2.3.4/32
  • Internal Address/Mask: 10.10.10.0/24


Host B

  • For clarity, this is a NetBSD 2.1_STABLE machine.
  • External Address/Mask: 5.6.7.8/32
  • Internal Address/Mask: 192.168.20.0/24
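As an added example (not from the original wiki page), the following script builds the commands for the tunnel described above from the page's addresses, and then the setkey(8) policy that requires ESP on the gif-encapsulated packets, which is what racoon will later negotiate keys for. The inner tunnel endpoints (10.10.10.1 and 192.168.20.1) and the use of transport-mode ESP on the ipencap traffic are assumptions; the script only prints the commands, so nothing is applied unless you pipe the output to sh as root.

```shell
#!/bin/sh
# Added example, not from the wiki page. Builds the gif(4) tunnel commands for
# Host A (FreeBSD) and Host B (NetBSD), then the setkey(8) SPD entries that
# require ESP on the encapsulated traffic. Page values: 1.2.3.4, 5.6.7.8,
# 10.10.10.0/24, 192.168.20.0/24. Assumed: inner endpoints 10.10.10.1 and
# 192.168.20.1, and transport-mode ESP on ipencap (IP protocol 4).
A_EXT=1.2.3.4; A_INT=10.10.10.1; A_NET=10.10.10.0/24
B_EXT=5.6.7.8; B_INT=192.168.20.1; B_NET=192.168.20.0/24

# gif_tunnel_cmds LOCAL_EXT LOCAL_INT REMOTE_EXT REMOTE_INT REMOTE_NET
# Prints the ifconfig/route commands that bring up the unencrypted tunnel.
gif_tunnel_cmds() {
    [ $# -eq 5 ] || { echo "usage: gif_tunnel_cmds lext lint rext rint rnet" >&2; return 1; }
    cat <<EOF
ifconfig gif0 create
ifconfig gif0 tunnel $1 $3
ifconfig gif0 inet $2 $4 netmask 0xffffffff
route add -net $5 $4
EOF
}

# ipsec_policy_cmds LOCAL_EXT REMOTE_EXT
# Prints a setkey script that requires ESP on the gif-encapsulated packets in
# both directions; with "require", packets are dropped until racoon has set up
# the SAs, so the tunnel never carries cleartext once the policy is loaded.
ipsec_policy_cmds() {
    [ $# -eq 2 ] || { echo "usage: ipsec_policy_cmds lext rext" >&2; return 1; }
    cat <<EOF
setkey -c <<'SPD'
spdflush;
spdadd $1 $2 ipencap -P out ipsec esp/transport//require;
spdadd $2 $1 ipencap -P in ipsec esp/transport//require;
SPD
EOF
}

# Usage: sh gif-ipsec.sh A   (print the commands for Host A; "| sh" as root applies them)
case "${1:-}" in
    A) gif_tunnel_cmds $A_EXT $A_INT $B_EXT $B_INT $B_NET; ipsec_policy_cmds $A_EXT $B_EXT ;;
    B) gif_tunnel_cmds $B_EXT $B_INT $A_EXT $A_INT $A_NET; ipsec_policy_cmds $B_EXT $A_EXT ;;
esac
```

Run it with `A` on Host A and `B` on Host B; the two outputs mirror each other (local and remote swapped), which is the quickest way to spot an endpoint or netmask mistake before anything touches the kernel.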


Reference Material

A few resources I used to learn this the first time.