darthg8r
asked on
Linux-BSD Ipsec VPN
I need to establish a VPN from a Linux firewall to a FreeBSD server. I have successfully installed FreeS/WAN, but am quite confused as to what IP address I put where. If someone is kind enough to provide a working ipsec.conf file for this connection, I'll give bonus points. I have this tidbit of info from the side that I'm trying to connect to. It was originally designed for a racoon BSD client:
spdadd 172.27.224.0/24 10.11.58.0/24 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.0/24 172.27.224.0/24 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
#spdadd 207.109.153.105 10.11.58.1 any -P out ipsec
#    esp/tunnel/207.109.153.102-208.61.77.133/require;
#spdadd 10.11.58.1 207.109.153.105 any -P in ipsec
#    esp/tunnel/208.61.77.133-207.109.153.102/require;
spdadd 207.109.153.103 10.11.58.1 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.1 207.109.153.103 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
spdadd 207.109.153.98 10.11.58.1 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.1 207.109.153.98 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
Here is our config setup:
# Phase 1 (IKE) settings, accepted from any peer
remote anonymous
{
    exchange_mode aggressive,main;
    doi ipsec_doi;
    situation identity_only;
    nonce_size 16;
    lifetime time 1 hour;
    initial_contact on;
    support_mip6 on;
    proposal_check obey;    # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) settings, accepted for any selector
sainfo anonymous
{
    pfs_group 1;
    lifetime time 1 hour;
    encryption_algorithm des, 3des;
    authentication_algorithm hmac_md5, hmac_sha1;
    compression_algorithm deflate;
}
Cheers,
Darth
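The "which IP goes where" question comes down to reading the setkey SPD entries: in the `-P out` policies the tunnel is written local_gateway-remote_gateway, so the side these entries were written for (the racoon client, which is the role the Linux firewall is taking over) is 207.109.153.102 in front of 172.27.224.0/24, and the FreeBSD server is 208.61.77.133 in front of 10.11.58.0/24. In FreeS/WAN terms that makes 207.109.153.102 `left`/`leftsubnet` and 208.61.77.133 `right`/`rightsubnet`. The script below is an added example, not code from the original post or from either project; it parses the SPD text quoted above (embedded here as a constructed sample, whitespace repaired, the commented-out .105 pair still commented) and emits the equivalent ipsec.conf conn stanzas. The conn names `bsd0`..`bsd2` and the `%default` block are assumptions for illustration; the reading of out-direction endpoints as local-remote is the assumption the whole mapping rests on.

```python
"""Map setkey(8) SPD policies onto FreeS/WAN ipsec.conf conn stanzas.

Added example, not part of the original post. Assumes the spdadd lines
were written from the client side (the side that becomes the Linux
firewall): the "-P out" tunnel endpoints read local_gw-remote_gw, so
207.109.153.102 becomes "left" and 208.61.77.133 becomes "right".
"""
import re
from ipaddress import ip_network

# Constructed sample: the SPD entries from the question, whitespace
# repaired, commented-out pair left commented so the filter is exercised.
SPD_TEXT = """\
spdadd 172.27.224.0/24 10.11.58.0/24 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.0/24 172.27.224.0/24 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
#spdadd 207.109.153.105 10.11.58.1 any -P out ipsec
#    esp/tunnel/207.109.153.102-208.61.77.133/require;
#spdadd 10.11.58.1 207.109.153.105 any -P in ipsec
#    esp/tunnel/208.61.77.133-207.109.153.102/require;
spdadd 207.109.153.103 10.11.58.1 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.1 207.109.153.103 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
spdadd 207.109.153.98 10.11.58.1 any -P out ipsec
    esp/tunnel/207.109.153.102-208.61.77.133/require;
spdadd 10.11.58.1 207.109.153.98 any -P in ipsec
    esp/tunnel/208.61.77.133-207.109.153.102/require;
"""

SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+\S+\s+-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"esp/tunnel/(?P<tsrc>[\d.]+)-(?P<tdst>[\d.]+)/(?P<level>\w+)\s*;"
)

def parse_spd(text):
    """Return one dict per uncommented spdadd statement."""
    cleaned = "\n".join(l for l in text.splitlines()
                        if not l.lstrip().startswith("#"))
    return [m.groupdict() for m in SPD_RE.finditer(cleaned)]

def spd_to_conns(policies):
    """Collapse in/out policy pairs into conns keyed by (leftsubnet, rightsubnet).
    left is always the local gateway (tunnel source of the 'out' policy)."""
    conns = {}
    for p in policies:
        if p["dir"] == "out":
            left, right, lsub, rsub = p["tsrc"], p["tdst"], p["src"], p["dst"]
        else:
            left, right, lsub, rsub = p["tdst"], p["tsrc"], p["dst"], p["src"]
        lsub = str(ip_network(lsub, strict=False))   # bare host -> x.x.x.x/32
        rsub = str(ip_network(rsub, strict=False))
        entry = conns.setdefault((lsub, rsub),
                                 {"left": left, "right": right, "dirs": set()})
        if (entry["left"], entry["right"]) != (left, right):
            raise ValueError("inconsistent tunnel endpoints for %s/%s" % (lsub, rsub))
        entry["dirs"].add(p["dir"])
    return conns

def render_ipsec_conf(conns):
    """Emit ipsec.conf text. A selector with only an 'in' or only an 'out'
    policy is rejected: it would carry plaintext in the other direction."""
    out = ["config setup", "    interfaces=%defaultroute", "",
           "conn %default", "    keyingtries=0", "    authby=secret", ""]
    for i, ((lsub, rsub), c) in enumerate(sorted(conns.items())):
        if c["dirs"] != {"in", "out"}:
            raise ValueError("one-way policy for %s -> %s" % (lsub, rsub))
        out += ["conn bsd%d" % i,                    # name is an assumption
                "    left=%s" % c["left"], "    leftsubnet=%s" % lsub,
                "    right=%s" % c["right"], "    rightsubnet=%s" % rsub,
                "    pfs=yes", "    auto=start", ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_ipsec_conf(spd_to_conns(parse_spd(SPD_TEXT))))
```

Running it prints three conns: `leftsubnet=172.27.224.0/24`/`rightsubnet=10.11.58.0/24`, plus `207.109.153.103/32` and `207.109.153.98/32` each to `10.11.58.1/32`, all with `left=207.109.153.102` and `right=208.61.77.133`. The two /32 conns only work if those hosts actually route through the Linux firewall, which the question does not say. The pre-shared key goes in ipsec.secrets as `207.109.153.102 208.61.77.133: PSK "..."`. Three things in the racoon side's config will bite a FreeS/WAN peer: FreeS/WAN only does main mode, which is fine here because racoon lists `main` as an accepted mode and uses `aggressive` only when it initiates; FreeS/WAN refuses single DES, so only the `3des` entry in `sainfo` can be picked; and FreeS/WAN does not implement Oakley group 1 (768-bit), so `pfs_group 1` should become `pfs_group 2` on the BSD side or phase 2 will not agree.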
ASKER
Not quite the answer I was looking for, but it helped a little further down the road. Thanks