Difference between revisions of "Changing an IPSEC endpoint's IP address"

Latest revision as of 22:47, 4 January 2013

Edit /usr/local/etc/racoon/ipsec.conf and change the IP in the SPD lines that are relevant.
Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to.
Edit /etc/pf.conf and update vpn-clients table with the new IP.
Destroy gif(4) tunnel and recreate (see note at bottom)
Edit /etc/rc.local and synchronize changes with what happens there.
Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf'
Restart racoon: '/usr/local/etc/rc.d/racoon restart'
Watch logfile: 'tail -f /var/log/security'

 # ifconfig gif0 down delete
 # ifconfig gif0 destroy
 # ifconfig gif0 create
 # ifconfig gif0 inet AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB netmask 0xffffffff
 # ifconfig gif0 tunnel XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY up

@@ Line 2: / Line 2: @@
 # Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared-key belongs to.
 # Edit /etc/pf.conf and update vpn-clients table with the new IP.
-# Destroy gif(4) tunnel and recreate: 'ifconfig gif0 down delete ; ifconfig gif0 destroy ; ifconfig gif0 create ; ifconfig gif0 inet localinternalip remoteinternalip netmask  0xffffffff ; ifconfig gif0 tunnel localextip remoteextip up'
+# Destroy gif(4) tunnel and recreate (see note at bottom)
 # Edit /etc/rc.local and synchronize changes with what happens there.
 # Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf'
 # Restart racoon: '/usr/local/etc/rc.d/racoon restart'
 # Watch logfile: 'tail -f /var/log/security'
+  # ifconfig gif0 down delete
+  # ifconfig gif0 destroy
+  # ifconfig gif0 create
+  # ifconfig gif0 inet AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB netmask 0xffffffff
+  # ifconfig gif0 tunnel XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY up

Difference between revisions of "Changing an IPSEC endpoint's IP address"

Latest revision as of 22:47, 4 January 2013

Navigation menu

Search