# Install racoon (the IKE daemon) and ipsec-tools (provides setkey, used below).
aptitude install racoon ipsec-tools
# cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# Start from a clean state: flush empties the SAD, spdflush empties the SPD.
flush;
spdflush;
# Outbound policy: traffic from 192.168.100.0/24 to 192.168.110.0/24 (any upper-layer
# protocol) goes through an ESP tunnel from 93.125.3.114 to 92.241.102.234.
# Level "require" means a matching packet is only sent once an SA exists, so there is
# no cleartext fallback (unlike "use").
spdadd 192.168.100.0/24 192.168.110.0/24 any -P out ipsec esp/tunnel/93.125.3.114-92.241.102.234/require;
# Inbound mirror of the policy above: same subnets and tunnel endpoints, reversed.
# These policies only select which traffic is protected; the ESP algorithms are
# negotiated by racoon from the sainfo section of /etc/racoon/racoon.conf.
spdadd 192.168.110.0/24 192.168.100.0/24 any -P in ipsec esp/tunnel/92.241.102.234-93.125.3.114/require;
# cat /etc/racoon/racoon.conf
# File that holds the IKE pre-shared keys.
path pre_shared_key "/etc/racoon/psk.txt";
# Phase 1 (IKE) settings. "anonymous" applies this section to any peer that has no
# address-specific remote section.
# NOTE(review): psk.txt lists a single peer, so "remote 92.241.102.234" would limit
# this section to that peer instead of matching every address.
remote anonymous
{
exchange_mode main;
# passive on: racoon only answers negotiations started by the peer, it never initiates.
passive on;
proposal {
# NOTE(review): single DES (56-bit key) and MD5 are obsolete and should not protect
# a production tunnel. If the peer supports them, "aes" and "sha256" are stronger
# choices; both ends must be changed together or phase 1 will not complete.
encryption_algorithm des;
hash_algorithm md5;
authentication_method pre_shared_key;
# dh_group 2 is the 1024-bit MODP group; NOTE(review): a larger group such as 14
# (2048-bit) is preferable where the peer allows it.
dh_group 2 ;
}
}
# Phase 2 (IPsec SA) settings, applied to any pair of endpoints ("anonymous").
sainfo anonymous
{
# Perfect forward secrecy: each phase 2 rekey runs a fresh DH exchange in group 2.
pfs_group 2;
# NOTE(review): the same weakness as in phase 1 applies here, since ESP traffic is
# protected with single DES and HMAC-MD5. Prefer "aes" and "hmac_sha256" if the
# peer can be reconfigured to match.
encryption_algorithm des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
# cat /etc/racoon/psk.txt
# Format: <peer address> <pre-shared key>, one peer per line.
# NOTE(review): "mysecrethere" is presumably a placeholder; use a long random key.
# Keep this file owned by root with mode 600; racoon is known to reject a key file
# with looser permissions.
92.241.102.234 mysecrethere
в rc.local:
# Load the flush/spdadd operations from /etc/ipsec-tools.conf into the kernel at boot.
setkey -f /etc/ipsec-tools.conf
# Install racoon (the IKE daemon) and ipsec-tools (provides setkey, used below).
aptitude install racoon ipsec-tools
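# cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# One statement per line: collapsed onto a single line, everything after the first
# "#" would be read as a comment and no policy would be loaded.

# Start from a clean state: flush empties the SAD, spdflush empties the SPD.
flush;
spdflush;

# Outbound: 192.168.100.0/24 -> 192.168.110.0/24 through an ESP tunnel from
# 93.125.3.114 to 92.241.102.234. "require" leaves no cleartext fallback.
spdadd 192.168.100.0/24 192.168.110.0/24 any -P out ipsec esp/tunnel/93.125.3.114-92.241.102.234/require;

# Inbound mirror of the policy above, with subnets and tunnel endpoints reversed.
spdadd 192.168.110.0/24 192.168.100.0/24 any -P in ipsec esp/tunnel/92.241.102.234-93.125.3.114/require;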
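# cat /etc/racoon/racoon.conf
# One statement per line: collapsed onto a single line, the text after the first
# "#" would be read as a comment.

# File that holds the IKE pre-shared keys.
path pre_shared_key "/etc/racoon/psk.txt";

# Phase 1 (IKE). "anonymous" matches any peer without an address-specific section.
remote anonymous
{
    exchange_mode main;
    # Respond only; never initiate the negotiation.
    passive on;
    proposal {
        # NOTE(review): single DES and MD5 are obsolete. Prefer "aes" and "sha256"
        # if the peer supports them; both ends must be changed together.
        encryption_algorithm des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        # Group 2 is 1024-bit MODP; NOTE(review): prefer a larger group such as 14.
        dh_group 2 ;
    }
}

# Phase 2 (IPsec SA), applied to any pair of endpoints.
sainfo anonymous
{
    pfs_group 2;
    # NOTE(review): ESP traffic is protected with single DES and HMAC-MD5; prefer
    # "aes" and "hmac_sha256" if the peer can be reconfigured to match.
    encryption_algorithm des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

# cat /etc/racoon/psk.txt
# Format: <peer address> <pre-shared key>. NOTE(review): "mysecrethere" is presumably
# a placeholder; use a long random key and keep the file owned by root, mode 600.
92.241.102.234 mysecrethere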
в rc.local:
# Load the flush/spdadd operations from /etc/ipsec-tools.conf into the kernel at boot.
setkey -f /etc/ipsec-tools.conf