technical:ipsec:ipsec-tools

This is an old revision of the document!


<markdown>

# Description

IPsec-Tools was developed by the KAME project and is now deprecated. You may still find this package useful for quickly configuring IPsec tunnels in a lab environment.

# Install

Install from Alpine APK or a package of your choice.

```
apk add ipsec-tools
```

# Configure Tunnel

```
ip tunnel add gre0 mode gre remote <remote_ip_addr> local <local_ip_addr> ttl 255
ip link set gre0 up
ip address add <tunnel_ip_addr>/<subnet_mask> dev gre0
```

# Configure ipsec.conf

Create /etc/ipsec.conf. The policies below match all GRE traffic in both directions and require ESP in transport mode (the policy format is `protocol/mode/src-dst/level`; the src-dst field is left empty in transport mode):

```
spdflush;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
```

# Configure racoon.conf

Make the racoon directory.

```
mkdir /etc/racoon
```

Create the racoon.conf file.

```
path certificate "/etc/racoon/";

# Any peer presenting a certificate that chains to ca.pem is accepted.
remote anonymous {
	exchange_mode main;
	lifetime time 2 hour;
	certificate_type x509 "/etc/racoon/cert.pem" "/etc/racoon/key.pem";
	ca_type x509 "/etc/racoon/ca.pem";
	my_identifier asn1dn;
	nat_traversal on;
	script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
	dpd_delay 120;
	proposal {
		encryption_algorithm aes 256;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group modp4096;
	}
	# Fallback proposal for peers that cannot negotiate modp4096.
	proposal {
		encryption_algorithm aes 256;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

sainfo anonymous {
	pfs_group 2;
	lifetime time 2 hour;
	encryption_algorithm aes 256;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}
```

# Copy Certificates and Key

```
scp {ca.pem,cert.pem,key.pem} <user>@<host>:/etc/racoon/
```

# Enable the IPsec Service

```
setkey -f /etc/ipsec.conf
racoon -f /etc/racoon/racoon.conf
```

</markdown>
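As an added example (not part of the original page or of IPsec-Tools), a small Python check that parses setkey `spdadd` lines like the ones in ipsec.conf above and confirms that GRE is covered by ESP in both directions at level `require`; with level `use`, the kernel sends or accepts GRE in cleartext whenever no SA is up. The two sample configs inside are constructed.

```python
import re

# Constructed samples (not from the page): the intended SPD, and a weak one (level "use", no inbound rule).
GOOD_CONF = """
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
"""
WEAK_CONF = """
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//use;
"""

# spdadd <src> <dst> <upperspec> -P <dir> <action> [proto/mode/src-dst/level ...];
SPDADD_RE = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+-P\s+(?P<dir>in|out|fwd)"
    r"\s+(?P<action>ipsec|discard|none)(?:\s+(?P<rules>[^;]+))?\s*;"
)

def parse_policies(conf):
    """Return one dict per spdadd statement; spdflush and other lines are skipped."""
    policies = []
    for line in conf.splitlines():
        m = SPDADD_RE.match(line.strip())
        if not m:
            continue
        pol = {k: m.group(k) for k in ("src", "dst", "upper", "dir", "action")}
        pol["rules"] = []
        for rule in (m.group("rules") or "").split():
            parts = rule.split("/")  # proto/mode/src-dst/level; src-dst is empty in transport mode
            pol["rules"].append({"proto": parts[0], "level": parts[3] if len(parts) > 3 else ""})
        policies.append(pol)
    return policies

def check_gre_protection(conf):
    """Return a list of findings; an empty list means GRE is covered both ways."""
    findings, seen = [], set()
    for pol in parse_policies(conf):
        if pol["upper"] != "gre" or pol["action"] != "ipsec":
            continue
        levels = [r["level"] for r in pol["rules"] if r["proto"] == "esp"]
        if not levels:
            findings.append(f"{pol['dir']}: gre policy has no esp rule")
        for lvl in levels:
            if lvl != "require":  # "use" lets packets pass in the clear when no SA exists
                findings.append(f"{pol['dir']}: esp level is '{lvl}', expected 'require'")
        seen.add(pol["dir"])
    for d in ("in", "out"):
        if d not in seen:
            findings.append(f"{d}: no gre policy, GRE would flow in cleartext")
    return findings
```

Run it against the live SPD with `setkey -DP` output only after adapting the regex, since that dump uses a different layout than the config file.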

technical/ipsec/ipsec-tools.1679944988.txt.gz · Last modified: by jc