# Installs ipsec-tools, which provides setkey(8) (SPD/SAD management) and
# racoon(8) (the IKEv1 daemon started from rc.local below).
yum install ipsec-tools
cat /etc/ipsec.conf
# setkey(8) security policy database for host 93.84.113.11. The SPD is loaded
# before racoon starts (see rc.local); racoon then negotiates the ESP SAs these
# "require" policies demand, so no plaintext fallback exists for matching traffic.
flush;
spdflush;
# Host 93.84.113.11 <-> 192.168.200.254 (reached through the peer gateway
# 80.94.225.66): ESP tunnel mode in both directions, required.
spdadd 93.84.113.11 192.168.200.254 any -P out ipsec esp/tunnel/93.84.113.11-80.94.225.66/require;
spdadd 192.168.200.254 93.84.113.11 any -P in ipsec esp/tunnel/80.94.225.66-93.84.113.11/require;
# NOTE(review): only the "in" half of the 80.94.164.22 policy is active, and
# racoon.conf has no "remote 80.94.164.22" or matching sainfo, so no SA can be
# negotiated for it: plaintext arriving from 80.94.164.22 is dropped by the
# "require" rule while traffic towards it leaves unprotected. Either enable both
# halves (and add the peer to racoon.conf) or comment out both.
# spdadd 93.84.113.11/32 80.94.164.22/32 any -P out ipsec esp/tunnel/93.84.113.11-80.94.164.22/require;
spdadd 80.94.164.22/32 93.84.113.11/32 any -P in ipsec esp/tunnel/80.94.164.22-93.84.113.11/require;
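cat /etc/racoon/racoon.conf
# racoon(8) IKEv1 configuration for host 93.84.113.11, peer 80.94.225.66,
# pre-shared-key authentication.
path pre_shared_key "/etc/racoon/psk.txt";
#log debug;
log notify;

padding
{
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
}

# Bind IKE only on the public address, not on every interface.
listen { isakmp 93.84.113.11 [500]; }

timer {
    counter 5;
    interval 20 sec;
    persend 1;
    phase1 30 sec;
    phase2 15 sec;
}

remote 80.94.225.66 {
    # Main mode only. With pre-shared keys, aggressive mode transmits the
    # PSK-derived authentication hash unencrypted in phase 1, so a passive
    # listener can brute-force the PSK offline. If the peer can only do
    # aggressive mode, re-add it and use a long, random PSK.
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    # passive off;
    # my_identifier address 93.84.113.11;
    # nonce_size 16;
    initial_contact on;
    # "obey": as responder, accept whatever lifetime and PFS setting the
    # initiator proposes (including no PFS). Use "claim" or "strict" if the
    # pfs_group below must be enforced.
    proposal_check obey;
    lifetime time 24 hour; # sec,min,hour
    proposal {
        # 3DES, MD5 and DH group 2 (1024-bit MODP) are legacy choices; move to
        # aes 256 / sha256 / dh_group 14 or better in lockstep with the peer,
        # since both sides must offer a matching proposal.
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 parameters for the 93.84.113.11 <-> 192.168.200.254 policy in
# /etc/ipsec.conf. Algorithms here are also legacy (3des/hmac_md5, DH group 2)
# and should be upgraded together with the peer.
sainfo address 93.84.113.11 any address 192.168.200.254 any
{
    pfs_group 2;
    lifetime time 3600 sec;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}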
cat /etc/racoon/psk.txt
# One entry per line: <peer identifier> <pre-shared key>, separated by
# whitespace. The identifier must match the ID the peer presents in phase 1
# (here its address, as in "remote 80.94.225.66" in racoon.conf).
# "yourpasshere" is a placeholder: replace it with a long random secret and
# configure the same value on 80.94.225.66. A weak PSK is directly crackable
# if aggressive mode is ever negotiated.
# Keep this file root-owned and mode 0600; racoon refuses to use a PSK file
# that is readable by group or others.
80.94.225.66 yourpasshere
Add to /etc/rc.local (the SPD must be loaded before racoon starts):
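# Load the SPD first: racoon only negotiates SAs for policies that already
# exist, and until the "require" policies are in place traffic flows in
# plaintext. Do not start racoon at all if setkey rejected the policy file,
# otherwise it would run against an empty or stale SPD.
if setkey -f /etc/ipsec.conf; then
    /usr/sbin/racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log
else
    logger -t ipsec "setkey -f /etc/ipsec.conf failed; racoon not started"
fi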