Changing an IPSEC endpoint's IP address

From WTFwiki
Revision as of 23:07, 24 December 2006 by Jontow (talk | contribs)
Jump to navigation Jump to search
  1. Edit /usr/local/etc/racoon/ipsec.conf and change the IP in the SPD lines that are relevant.
  2. Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to.
  3. Edit /etc/pf.conf and update vpn-clients table with the new IP.
  4. Destroy gif(4) tunnel and recreate: 'ifconfig gif0 down delete ; ifconfig gif0 destroy ; ifconfig gif0 create ; ifconfig gif0 inet localinternalip remoteinternalip netmask 0xffffffff ; ifconfig gif0 tunnel localextip remoteextip up'
  5. Edit /etc/rc.conf and synchronize changes with what happens there.
  6. Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf'
  7. Restart racoon: '/usr/local/etc/rc.d/racoon restart'
  8. Watch logfile: 'tail -f /var/log/security'
Retrieved from "http://wtf.hijacked.us/wiki/index.php?title=Changing_an_IPSEC_endpoint%27s_IP_address&oldid=263"