yum install ipsec-tools cat /etc/ipsec.conf flush; spdflush; spdadd 93.84.113.11 192.168.200.254 any -P out ipsec esp/tunnel/93.84.113.11-80.94.225.66/require; spdadd 192.168.200.254 93.84.113.11 any -P in ipsec esp/tunnel/80.94.225.66-93.84.113.11/require; # spdadd 93.84.113.11/32 80.94.164.22/32 any -P out ipsec esp/tunnel/93.84.113.11-80.94.164.22/require; spdadd 80.94.164.22/32 93.84.113.11/32 any -P in ipsec esp/tunnel/80.94.164.22-93.84.113.11/require; cat /etc/racoon/racoon.conf path pre_shared_key "/etc/racoon/psk.txt"; #log debug; log notify; padding { maximum_length 20; randomize off; strict_check off; exclusive_tail off; } listen { isakmp 93.84.113.11 [500]; } timer { counter 5; interval 20 sec; persend 1; phase1 30 sec; phase2 15 sec; } remote 80.94.225.66 { exchange_mode main,aggressive; doi ipsec_doi; situation identity_only; # passive off; # my_identifier address 93.84.113.11; # nonce_size 16; initial_contact on; proposal_check obey; lifetime time 24 hour; # sec,min,hour proposal { encryption_algorithm 3des; hash_algorithm md5; authentication_method pre_shared_key; dh_group 2; } } sainfo address 93.84.113.11 any address 192.168.200.254 any { pfs_group 2; lifetime time 3600 sec; encryption_algorithm 3des; authentication_algorithm hmac_md5; compression_algorithm deflate; } cat /etc/racoon/psk.txt 80.94.225.66 yourpasshere в /etc/rc.local setkey -f /etc/ipsec.conf /usr/sbin/racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log shitbox:ipsec_client [SukuDokuWiki]



shitbox:ipsec_client
yum install ipsec-tools
cat /etc/ipsec.conf
# setkey(8) policy file, loaded with `setkey -f /etc/ipsec.conf`.
# Clear the existing SAD (flush) and SPD (spdflush) entries before adding the policies below.
flush;
spdflush;
# Pair 1: traffic between 93.84.113.11 and 192.168.200.254 must use ESP in
# tunnel mode between the gateways 93.84.113.11 and 80.94.225.66.
# Level "require" means an SA is required for matching packets; they are not
# sent unprotected while no SA exists.
spdadd 93.84.113.11 192.168.200.254 any -P out ipsec esp/tunnel/93.84.113.11-80.94.225.66/require;
spdadd 192.168.200.254 93.84.113.11 any -P in ipsec esp/tunnel/80.94.225.66-93.84.113.11/require;
#
# Pair 2: the same requirement for traffic between 93.84.113.11/32 and 80.94.164.22/32.
# NOTE(review): the racoon.conf and psk.txt shown on this page have no remote,
# sainfo or key entry for 80.94.164.22, so nothing here can negotiate this SA.
# Confirm whether this pair is meant to be active or was meant to be commented out.
spdadd 93.84.113.11/32 80.94.164.22/32 any -P out ipsec esp/tunnel/93.84.113.11-80.94.164.22/require;
spdadd 80.94.164.22/32 93.84.113.11/32 any -P in ipsec esp/tunnel/80.94.164.22-93.84.113.11/require;
cat /etc/racoon/racoon.conf
# racoon (IKEv1 daemon from ipsec-tools) configuration for one peer, 80.94.225.66.
# NOTE(review): ipsec-tools is no longer developed upstream; treat this as a
# legacy setup and check what the distribution still patches.

# File with "peer-address key" pairs used for pre-shared-key authentication.
path pre_shared_key "/etc/racoon/psk.txt";
# Debug logging is left disabled; notify is the level in use.
#log debug;
log notify;

# Padding options for IKE payloads.
padding
{       maximum_length 20; randomize off;
        strict_check off; exclusive_tail off; }

# Accept IKE only on this address, UDP port 500.
listen { isakmp 93.84.113.11 [500]; }

# Retransmission: up to 5 resends, 20 s apart, one packet per send.
# Phase 1 must complete within 30 s and phase 2 within 15 s.
timer { counter 5;  interval 20 sec;  persend 1;
        phase1 30 sec; phase2 15 sec; }

# Phase 1 (ISAKMP SA) settings for the peer gateway.
remote 80.94.225.66 {
        # The first mode listed (main) is used when initiating; every listed
        # mode is accepted when responding.
        # NOTE(review): aggressive mode with a pre-shared key exposes a
        # PSK-derived hash to a peer that is not yet authenticated, so a weak
        # key can be guessed offline. Keep only "main" unless the peer needs
        # aggressive mode.
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;
#       passive off;
#       my_identifier address 93.84.113.11;
#       nonce_size 16;
        initial_contact on;
        # NOTE(review): "obey" makes the responder follow the initiator's
        # proposed lifetime and PFS values; "strict" or "claim" is tighter.
        proposal_check obey;
        lifetime time 24 hour;  # sec,min,hour

        # NOTE(review): 3des, md5 and dh_group 2 (1024-bit MODP) are legacy
        # choices. Prefer aes, a SHA-family hash and dh_group 14 or higher
        # where the installed ipsec-tools and the peer both support them.
        # Both ends must be changed together or phase 1 will not establish.
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2 (IPsec SA) parameters for the 93.84.113.11 <-> 192.168.200.254
# selector pair, matching the first policy pair in /etc/ipsec.conf.
# NOTE(review): the same legacy-algorithm caveat applies to pfs_group 2,
# 3des and hmac_md5 here; change them only in step with the peer.
sainfo address 93.84.113.11 any address 192.168.200.254 any
{       pfs_group 2;
        lifetime time 3600 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
cat /etc/racoon/psk.txt

# Format: peer address, whitespace, pre-shared key.
# "yourpasshere" is a placeholder: replace it with a long, randomly generated
# key. That matters more here because racoon.conf on this page also accepts
# aggressive mode.
# racoon expects this file to be owned by the user it runs as and not readable
# by group or others (chmod 600 /etc/racoon/psk.txt).
80.94.225.66    yourpasshere

в /etc/rc.local

# Load the security policies first, so matching traffic requires IPsec before racoon starts negotiating.
setkey -f /etc/ipsec.conf
# Start the IKE daemon with the configuration above, logging to /var/log/racoon.log.
# NOTE(review): keep the log readable by root only, especially if "log debug" is ever enabled.
/usr/sbin/racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log
shitbox/ipsec_client.txt · Last modified: 2010/11/10 07:23 by slayer