

shitbox:ipsec_server
# Install the racoon IKE daemon and ipsec-tools (which provides setkey).
# NOTE(review): upstream ipsec-tools/racoon is no longer developed; confirm your
# distribution still ships security fixes for it, or plan a move to a maintained IKE daemon.
aptitude install racoon ipsec-tools
# cat /etc/ipsec-tools.conf

#!/usr/sbin/setkey -f
# Kernel IPsec policy for a site-to-site tunnel between 93.125.3.114 (this host)
# and 92.241.102.234 (the peer). The SAs themselves are negotiated by racoon.

# Start from a clean state: drop all existing SAD entries, then all SPD entries.
flush;
spdflush;

# Outbound: traffic from 192.168.100.0/24 to 192.168.110.0/24 (any upper-layer
# protocol) must be sent through an ESP tunnel from 93.125.3.114 to 92.241.102.234.
# "require" makes the SA mandatory for matching packets, so they are not sent in
# the clear when no SA is established.
spdadd 192.168.100.0/24 192.168.110.0/24 any -P out ipsec esp/tunnel/93.125.3.114-92.241.102.234/require;
# Inbound: the mirror policy for the return direction, with the tunnel endpoints swapped.
spdadd 192.168.110.0/24 192.168.100.0/24 any -P in ipsec  esp/tunnel/92.241.102.234-93.125.3.114/require;
# cat /etc/racoon/racoon.conf
# File that holds the pre-shared keys, one "peer-identifier key" pair per line.
path pre_shared_key "/etc/racoon/psk.txt";
# IKE phase 1 settings. "anonymous" applies to any peer that has no more specific
# remote section.
# NOTE(review): only one peer (92.241.102.234) appears in the setkey policy and in
# psk.txt, so a "remote 92.241.102.234" section would probably be a tighter match;
# confirm that no other peers rely on this section.
remote  anonymous
{
    # Main mode exchange.
    exchange_mode main;
    # Responder only: racoon waits for the peer and never initiates the negotiation.
    passive on;
    # NOTE(review): this proposal is weak by current standards. DES has a 56-bit key,
    # MD5 is a broken hash, and DH group 2 is 1024-bit MODP. racoon also accepts
    # stronger values (for example aes, sha256, dh_group 14). Both peers must offer
    # the same proposal, so change the two ends together.
    proposal {
        encryption_algorithm des;
        hash_algorithm md5;
        # The pre-shared key is the only peer authentication, so its strength and
        # secrecy decide who can bring up the tunnel.
        authentication_method pre_shared_key;
        dh_group 2 ;
    }
}

# IKE phase 2 (IPsec SA) settings. "anonymous" applies to any negotiation that has
# no more specific sainfo section.
# NOTE(review): the ESP traffic itself is protected with DES and HMAC-MD5, and PFS
# uses the 1024-bit group 2. These are weak by current standards. racoon also
# accepts stronger values (for example aes, hmac_sha256, pfs_group 14). Both peers
# must agree, so change the two ends together.
sainfo anonymous
{
    # Perfect forward secrecy: a fresh DH exchange (group 2) for each phase 2 negotiation.
    pfs_group 2;
    encryption_algorithm des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

# cat /etc/racoon/psk.txt
# Format: <peer identifier> <pre-shared key>. The key shown here is a placeholder.
# Use a long random value, because this key is the tunnel's only peer authentication.
# Keep the file owned by the user racoon runs as and unreadable by others (e.g. mode 0600).
# racoon refuses to use a key file with weak permissions.
92.241.102.234 mysecrethere

в rc.local:

# Run from rc.local at boot: executes /etc/ipsec-tools.conf, which flushes the SAD
# and SPD and then installs the two tunnel policies.
setkey -f /etc/ipsec-tools.conf
shitbox/ipsec_server.txt · Last modified: 2010/11/10 07:28 by slayer