On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> Hello Karl and FreeBSD friends,

Hi all.

> I recall having read about racoon and roadwarrior. Have a look at
> /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also
> planning to install this on my server. However I have only little time at
> the moment. I'm also looking for examples of configuration files to work 
> with.

First, ipsec-tools is for IKEv1 only, whereas the subject of the original
mail talks about IKEv2.

For IKEv1 (with ipsec-tools), the simplest way to do this would be to
create a remote "anonymous" and a sainfo "anonymous" section, with
"generate_policy" set to on: racoon will negotiate phase 1 / phase 2,
then will generate SPD entries from the peer's proposal.

Of course, this means that you'll have to trust what your peers will
negotiate as traffic endpoints!

If you have some more time to spend on configuration (recommended!),
you can specify traffic endpoints for the sainfo section: valid
endpoints (which match the sainfo) negotiated by the peer will work as
described above, and other traffic endpoints will not negotiate, as
racoon won't find any related sainfo.


Yvan.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
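
The two setups described in the message above, as a racoon.conf sketch. This is an added example, not part of the original mail or of the ipsec-tools sample files. The certificate file names, the subnets 10.10.0.0/24 (local LAN) and 10.99.0.0/24 (roadwarrior inner addresses) and the algorithm choices are assumptions.

```conf
# Constructed example: file names, subnets and algorithms are assumptions.
path certificate "/usr/local/etc/racoon/certs";

remote anonymous {
	exchange_mode main;
	passive on;                  # gateway only answers, never initiates
	my_identifier asn1dn;
	certificate_type x509 "gateway.crt" "gateway.key";
	verify_cert on;
	generate_policy on;          # SPD entries are built from the peer's proposal
	proposal_check strict;
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha256;
		authentication_method rsasig;
		dh_group modp2048;
	}
}

# Variant 1 (simplest): every phase 2 proposal matches this section, so any
# traffic endpoints the peer asks for end up in the SPD.
#sainfo anonymous {
#	pfs_group modp2048;
#	lifetime time 1 hour;
#	encryption_algorithm aes;
#	authentication_algorithm hmac_sha256;
#	compression_algorithm deflate;
#}

# Variant 2 (restricted): only proposals for local 10.10.0.0/24 <-> remote
# 10.99.0.0/24 match. Any other endpoint pair finds no sainfo and phase 2
# is refused, so no policy is generated for it.
sainfo address 10.10.0.0/24 any address 10.99.0.0/24 any {
	pfs_group modp2048;
	lifetime time 1 hour;
	encryption_algorithm aes;
	authentication_algorithm hmac_sha256;
	compression_algorithm deflate;
}
```

After a client connects, `setkey -DP` on the gateway lists the SPD entries racoon generated, which shows whether they stay within the intended endpoints.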