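# Description

IPsec-Tools was developed by the KAME project and is now deprecated. You may still find this package useful for quickly configuring IPsec tunnels in a lab environment. Because the package is deprecated, do not count on it receiving security fixes; keep it to lab use.

# Install

Install from Alpine APK or a package of your choice.

```
apk add ipsec-tools
```

# Configure Tunnel

Replace the angle-bracket placeholders with your own values.

```
ip tunnel add gre0 mode gre remote <REMOTE_IP> local <LOCAL_IP> ttl 255
ip link set gre0 up
ip address add <TUNNEL_IP>/<PREFIX_LENGTH> dev gre0
```

# Configure ipsec.conf

Create /etc/ipsec.conf. These policies require ESP in transport mode for all GRE traffic, in both directions.

```
spdflush;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
```

# Configure racoon.conf

Make the racoon directory.

```
mkdir /etc/racoon
```

Create the racoon.conf file.

```
path certificate "/etc/racoon/";

remote anonymous {
    exchange_mode main;
    lifetime time 2 hour;
    certificate_type x509 "/etc/racoon/cert.pem" "/etc/racoon/key.pem";
    ca_type x509 "/etc/racoon/ca.pem";
    my_identifier asn1dn;
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    dpd_delay 120;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp4096;
    }
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

sainfo anonymous {
    pfs_group 2;
    lifetime time 2 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

Notes on this configuration:

- `remote anonymous` and `sainfo anonymous` apply to any peer, so authentication rests on the peer's certificate chaining to `ca.pem`. Use a CA that issues certificates only to your tunnel endpoints.
- The second proposal (`dh_group 2`) and `pfs_group 2` use the 1024-bit MODP group, and both proposals use SHA-1. If every peer supports it, drop the second proposal and use `pfs_group modp2048` or larger, `hash_algorithm sha256` and `authentication_algorithm hmac_sha256`.
- The `script` line points to a file under /etc/opennhrp/ that this page does not create. Remove the line if you are not running opennhrp.

# Copy Certificates and Key

```
scp {ca.pem,cert.pem,key.pem} <USER>@<HOST>:/etc/racoon/
```

`key.pem` is the private key. After copying, make it readable by root only, for example `chmod 600 /etc/racoon/key.pem`.

# Enable the IPsec Service

```
setkey -f /etc/ipsec.conf
racoon -f /etc/racoon/racoon.conf
```

Check the result with `setkey -DP` (installed policies) and `setkey -D` (negotiated security associations).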