Openbsd-ipsec-gif

From WTFwiki

Background

  • Please see IPSEC-Racoon for background.
  • Only the few differences from that setup are noted here.


Remote Settings

  • You will be able to mirror the settings laid out in IPSEC-Racoon except for a handful of things.
  • Encryption Algorithm should be aes.
  • The SPDs use the same format as for racoon.


Config Files

ipsec.conf

  • This actually is a one-liner:
 ike esp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY psk "MYPRESHAREDKEY"


Execution

  • To run, try this:
 # isakmpd -K -v -D A=80
 # ipsecctl -f /etc/ipsec.conf
  • Make sure your firewall isn't blocking the traffic.

Handy Scripts

Here are some handy scripts that use the isakmpd FIFO to tear down and connect tunnels, in case you need to force either to happen. For each of these, the "name" is by default the public IP of the remote end.

/usr/local/sbin/ipsec-teardown

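#!/bin/sh
# Tear down the named connection by writing to the isakmpd FIFO.
if [ "x${1}" = "x" ]; then
        echo "Usage: ${0} <name>"
        exit 1
fi
# Drop the quick mode SAs first, then the main mode SA.
echo "t quick ${1}" >> /var/run/isakmpd.fifo
echo "t main ${1}" >> /var/run/isakmpd.fifo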

/usr/local/sbin/ipsec-connect

#!/bin/sh
# Start the named connection by writing to the isakmpd FIFO.
if [ "x${1}" = "x" ]; then
        echo "Usage: ${0} <name>"
        exit 1
fi
echo "c ${1}" >> /var/run/isakmpd.fifo
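
The two scripts above write their argument to the FIFO unchecked, and ">>" creates a plain file if isakmpd is not running and the FIFO is missing. The following combined wrapper is an added example, not part of the original page; the function names and the ISAKMPD_FIFO override are assumptions made here, and the allowed character set is a guess at what connection names contain.

```shell
#!/bin/sh
# Added example: connect/teardown wrapper with input and FIFO checks.
# ISAKMPD_FIFO is an assumption added here for testing; the default path
# is the one the scripts on this page use.
FIFO="${ISAKMPD_FIFO:-/var/run/isakmpd.fifo}"

# Allow only characters found in IP addresses and simple connection names.
# Rejecting whitespace and newlines keeps one argument from becoming
# several FIFO commands.
valid_name() {
        case "${1}" in
                ''|*[!A-Za-z0-9._:/-]*) return 1 ;;
        esac
        return 0
}

# Print the FIFO command lines for an action, one per line.
fifo_commands() {
        case "${1}" in
                connect)  printf 'c %s\n' "${2}" ;;
                teardown) printf 't quick %s\nt main %s\n' "${2}" "${2}" ;;
                *) return 1 ;;
        esac
}

ipsec_ctl() {
        valid_name "${2}" || { echo "invalid name" >&2; return 2; }
        cmds=$(fifo_commands "${1}" "${2}") ||
                { echo "usage: ipsec_ctl connect|teardown <name>" >&2; return 2; }
        # ">>" on a missing path would create a regular file that isakmpd
        # never reads, so insist on an existing FIFO first.
        [ -p "${FIFO}" ] ||
                { echo "${FIFO}: not a FIFO (is isakmpd running?)" >&2; return 3; }
        # One write per command, as the original scripts do.
        printf '%s\n' "${cmds}" | while IFS= read -r line; do
                printf '%s\n' "${line}" >> "${FIFO}"
        done
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
        ipsec_ctl "$@"
fi
```

Invoke it as "ipsec-ctl teardown <name>" or "ipsec-ctl connect <name>"; exit status 2 means a rejected argument and 3 means the FIFO is absent.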