I've added support for easy [sic] use of Racoon (IPSec tunneling) in trunk-1826.
There's a new comment block in /stat/etc/rc.conf explaining how this works. It's something like:

    IPSEC_PSK_ASSOCIATIONS="
    $EXTIP:my-local-nets:remote:remote-nets:shared-key:profile
    "

my-local-nets is a comma-separated list of networks you want to export to the remote endpoint (e.g. 192.168.1.0/24)

remote is the public IP address of your peer

remote-nets is a comma-separated list of networks you want to import from the remote endpoint (e.g. 172.16.0.0/14)

shared-key is either an ASCII string (no colons), or else a hex string starting with 0x...

profile is either "normal" or "strong" (3des or aes)

You can generate keys as:

    % dd if=/dev/random count=$(($bits / 8)) bs=1| (echo -n "0x" ; xxd -ps -c64)

Both ends of an association have to share the same key (hence the name) and profile type.

On the remote endpoint, the arguments get swapped ($EXTIP vs. remote, my-local-nets vs. remote-nets)

Now... if we just had support for configuring this via the GUI... hint... hint...

-Philip
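The entry format and the swap between the two ends, as an added example that is not part of the original message or of AstLinux: it generates a key, prints the entry for each end, and rejects an entry whose key contains a colon or whose profile is unknown. The helper names and the two peer addresses are constructed, and it reads /dev/urandom through od where the message uses /dev/random and xxd.

```shell
#!/bin/sh
# Added example (not AstLinux code). Helper names and IP addresses are constructed.

# gen_psk BITS: print a random key as "0x" followed by BITS/4 hex digits.
gen_psk() {
    [ "$1" -gt 0 ] && [ $(($1 % 8)) -eq 0 ] || { echo "bits: positive multiple of 8" >&2; return 1; }
    printf '0x'
    dd if=/dev/urandom bs=1 count=$(($1 / 8)) 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
    echo
}

# check_assoc ENTRY: succeed only if ENTRY has the six fields from the message.
# The body runs in a subshell so the IFS change does not leak to the caller.
check_assoc() (
    IFS=:; set -f; set -- $1
    [ $# -eq 6 ] || { echo "need 6 fields, got $# (colon in key?)" >&2; exit 1; }
    case $5 in
        '')  echo "empty shared-key" >&2; exit 1 ;;
        0x*) case ${5#0x} in
                 ''|*[!0-9a-fA-F]*) echo "malformed hex shared-key" >&2; exit 1 ;;
             esac ;;
    esac
    case $6 in
        normal|strong) ;;
        *) echo "profile must be normal or strong" >&2; exit 1 ;;
    esac
)

# make_pair A_IP A_NETS B_IP B_NETS KEY PROFILE: print the entry for end A,
# then the entry for end B with addresses and networks swapped.
# Key and profile are identical on both ends.
make_pair() {
    a="\$EXTIP:$2:$3:$4:$5:$6"
    b="\$EXTIP:$4:$1:$2:$5:$6"
    check_assoc "$a" && check_assoc "$b" || return 1
    printf '%s\n%s\n' "$a" "$b"
}

# Demo with the networks used in the message and documentation-range peers.
key=$(gen_psk 256) &&
    make_pair 198.51.100.10 192.168.1.0/24 203.0.113.20 172.16.0.0/14 "$key" strong
```

The first line printed goes into rc.conf on end A and the second on end B; the key travels between the two administrators out of band.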
