IPsec-Tools was developed by the KAME project and is now deprecated. You may still find this package useful for quickly configuring IPsec tunnels in a lab environment.
Install from Alpine APK or a package of your choice.
apk add ipsec-tools
Create the GRE tunnel, bring it up and assign its address.
ip tunnel add gre0 mode gre remote <remote_ip_addr> local <local_ip_addr> ttl 255
ip link set gre0 up
ip address add <tunnel_ip_addr>/<subnet_mask> dev gre0
Create /etc/ipsec.conf
spdflush;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
Make the racoon directory.
mkdir /etc/racoon
Create /etc/racoon/racoon.conf.
path certificate "/etc/racoon/";
remote anonymous {
    exchange_mode main;
    lifetime time 2 hour;
    certificate_type x509 "/etc/racoon/cert.pem" "/etc/racoon/key.pem";
    ca_type x509 "/etc/racoon/ca.pem";
    my_identifier asn1dn;
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    dpd_delay 120;
    # First phase 1 proposal: 4096-bit MODP group
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp4096;
    }
    # Second phase 1 proposal: dh_group 2 is the 1024-bit MODP group
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}
# Phase 2 (ESP) parameters; pfs_group 2 is the 1024-bit MODP group
sainfo anonymous {
    pfs_group 2;
    lifetime time 2 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
Copy the CA certificate, the host certificate and the private key to /etc/racoon/ on the host.
scp {ca.pem,cert.pem,key.pem} <user>@<host>:/etc/racoon/
Load the security policies and start racoon.
setkey -f /etc/ipsec.conf
racoon -f /etc/racoon/racoon.conf
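The racoon.conf above negotiates SHA-1 everywhere and falls back to DH group 2 in its second proposal and in sainfo, which matters once a tunnel leaves the lab. The script below is an added example, not part of ipsec-tools or the original page, that lists such parameters per block. Its list of weak values and the names audit_racoon_conf and sample_conf are assumptions of the example.

```shell
#!/bin/sh
# Added example: list weak IKE/ESP parameters in a racoon.conf.
# The "weak" criteria below are this example's assumption, not an ipsec-tools feature.
audit_racoon_conf() {            # reads the file(s) given as arguments, or stdin
    awk '
    function weak(key, val) {
        if (key ~ /^(dh_group|pfs_group)$/ && val ~ /^(1|2|5|modp768|modp1024|modp1536)$/)
            return "DH group below 2048 bits"
        if (key ~ /^(hash_algorithm|authentication_algorithm)$/ && val ~ /(md5|sha1)$/)
            return "MD5/SHA-1 based integrity"
        if (key == "encryption_algorithm" && val ~ /^(des|3des)$/)
            return "DES-family cipher"
        return ""
    }
    { sub(/#.*/, ""); text = text " " $0 }      # drop comments, join all lines
    END {
        gsub(/[{}]/, ";&;", text)               # braces become their own statements
        n = split(text, stmt, ";")
        for (i = 1; i <= n; i++) {
            s = stmt[i]; gsub(/^[ \t]+|[ \t]+$/, "", s)
            if (s == "") continue
            # "{" opens the block named by the previous statement
            if (s == "{") { ctx[++depth] = prev; nprop = (prev == "proposal") ? nprop + 1 : 0; continue }
            if (s == "}") { depth--; continue }
            prev = s
            k = split(s, w, /[ \t,]+/)          # values may be comma-separated
            where = ctx[depth]
            if (where == "proposal") where = ctx[depth - 1] " proposal " nprop
            for (j = 2; j <= k; j++)
                if ((why = weak(w[1], w[j])) != "")
                    printf "%s: %s (%s)\n", where, s, why
        }
    }' "$@"
}
sample_conf() {                  # constructed sample, abridged from the racoon.conf on this page
    cat <<'EOF'
remote anonymous { exchange_mode main;
  proposal { encryption_algorithm aes 256; hash_algorithm sha1; dh_group modp4096; }
  proposal { encryption_algorithm aes 256; hash_algorithm sha1; dh_group 2; } }
sainfo anonymous { pfs_group 2; encryption_algorithm aes 256;
  authentication_algorithm hmac_sha1; compression_algorithm deflate; }
EOF
}
sample_conf | audit_racoon_conf
```

On a real host, run audit_racoon_conf /etc/racoon/racoon.conf; a configuration with none of the listed values produces no output.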