Differences

This shows you the differences between two versions of the page.

--- technical:ipsec:ipsec-tools [2023/03/27 15:07] – jc
+++ technical:ipsec:ipsec-tools [2023/03/27 15:23] (current) – jc
@@ Line 11: / Line 11: @@
 ip tunnel add gre0  mode gre remote <remote_ip_addr> local <local_ip_addr> ttl 255
 ip link set gre0 up
-ip address <tunnel_ip_addr>/<subnet_mask>
+ip address <tunnel_ip_addr>/<subnet_mask> dev gre0
 ```
 # Configure ipsec.conf
+Create /etc/ipsec.conf
+```
+spdflush;
+spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out	ipsec esp/transport//require;
+spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in 	ipsec esp/transport//require;
+```
 # Configure racoon.conf
+Make racoon directory.
 ```
 mkdir /etc/racoon
+```
+Create racoon.conf file.
+```
+path certificate "/etc/racoon/";
+remote anonymous {
+	exchange_mode main;
+	lifetime time 2 hour;
+	certificate_type x509 "/etc/racoon/cert.pem" "/etc/racoon/key.pem";
+	ca_type x509 "/etc/racoon/ca.pem";
+	my_identifier asn1dn;
+	nat_traversal on;
+        script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
+	dpd_delay 120;
+	proposal {
+		encryption_algorithm aes 256;
+		hash_algorithm sha1;
+		authentication_method rsasig;
+		dh_group modp4096;
+	}
+	proposal {
+		encryption_algorithm aes 256;
+		hash_algorithm sha1;
+		authentication_method rsasig;
+		dh_group 2;
+	}
+}
+sainfo anonymous {
+	pfs_group 2;
+	lifetime time 2 hour;
+	encryption_algorithm aes 256;
+	authentication_algorithm hmac_sha1;
+	compression_algorithm deflate;
+}
 ```
 # Copy Certificates and Key
 ```
-scp {ca.pem,cert.pem,key.pem} <user>@<host>:/etc/racoon/ done
+scp {ca.pem,cert.pem,key.pem} <user>@<host>:/etc/racoon/
 ```
 # Enable the IPsec Service

生まれ変わる - umarekawaru

User Tools

Site Tools

Differences

Page Tools