Changing an IPSEC endpoint's IP address

From WTFwiki
  1. Edit /usr/local/etc/racoon/ipsec.conf and change the IP in the relevant SPD lines.
  2. Edit /usr/local/etc/racoon/psk.conf and change the IP that the pre-shared key belongs to.
  3. Edit /etc/pf.conf and update the vpn-clients table with the new IP.
  4. Destroy the gif(4) tunnel and recreate it (see the ifconfig commands at the bottom).
  5. Edit /etc/rc.local and bring whatever it sets up in line with the changes above.
  6. Reload SPDs: 'setkey -F ; setkey -f /usr/local/etc/racoon/ipsec.conf' (setkey -F on its own flushes only the SAD; old SPD entries go away through 'setkey -FP' or an spdflush line in ipsec.conf).
  7. Restart racoon: '/usr/local/etc/rc.d/racoon restart'
  8. Watch the logfile: 'tail -f /var/log/security'

 # ifconfig gif0 down delete
 # ifconfig gif0 destroy
 # ifconfig gif0 create
 # ifconfig gif0 inet AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB netmask 0xffffffff
 # ifconfig gif0 tunnel XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY up
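
A check to run after step 5 and before step 6, so that no file still carries the old endpoint address when the SPDs and racoon are reloaded. This is an added example, not part of the original page; the function names addr_lines and check_endpoint_change are hypothetical, and the addresses in the usage comment are constructed documentation values.

```shell
#!/bin/sh
# Added example: verify an endpoint IP change across the files edited in
# steps 1-3 and 5 before reloading SPDs and restarting racoon.

# addr_lines IP FILE
# Prints "FILE:N:text" for each line holding IP as a whole address, so
# 192.0.2.1 does not match 192.0.2.10. Exit status 0 if found, 1 if not.
addr_lines() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')   # match the dots literally
    # /dev/null as a second file makes grep prefix the file name
    grep -nE "(^|[^0-9.])${pat}([^0-9.]|\$)" "$2" /dev/null
}

# check_endpoint_change OLD NEW FILE...
# Returns 0 only when no FILE still mentions OLD and every FILE mentions NEW.
check_endpoint_change() {
    old=$1 new=$2; shift 2
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f" >&2; rc=1; continue
        fi
        if addr_lines "$old" "$f"; then          # stale lines go to stdout
            echo "STALE   $f still references $old" >&2; rc=1
        fi
        if ! addr_lines "$new" "$f" >/dev/null; then
            echo "MISSING $f has no reference to $new" >&2; rc=1
        fi
    done
    return $rc
}

# Usage (constructed addresses; file paths are the ones from the steps):
#   sh check.sh 192.0.2.1 198.51.100.7 \
#       /usr/local/etc/racoon/ipsec.conf /usr/local/etc/racoon/psk.conf \
#       /etc/pf.conf /etc/rc.local
if [ "$#" -ge 3 ]; then
    check_endpoint_change "$@"
fi
```

A non-zero exit means at least one file was missed; the STALE lines name the file and line number to fix before continuing with step 6.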