Hi all, I have a public inet server that has eth0 with a single public IP;
however, I want to create a virtual network on this server (class C) and let
other clients connect to it (as they would be within this class C network);
* 111.222.333.444/24 is the (fake) ip/network my public inet host is in;
* 192.168.212.0/24 shall be the class C network
I now want other clients to share this class C network using IPsec, ideally
ipsec-tools (racoon);
However, I have never done this before (OpenVPN is not an option).
The clients shall be able to connect from legacy Windows clients too,
and from Linux(/Gentoo) of course, too (e.g. me).
I did: emerge ipsec-tools
and created a /etc/racoon/racoon.conf as below:

remote anonymous {
    exchange_mode aggressive,main,base;
    lifetime time 24 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish 448, twofish, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

What exactly does "sainfo" mean? However, while this one seemed pretty easy, I
really do not know what to enter in /etc/ipsec.conf, especially there, where
the clients' IP addresses go (as they're mostly exclusively dynamic IPs and
thus will change on almost every [re]connect).
I do not understand their syntax yet :(
Can someone please help me in setting this up? ... in pointing me to where I
can find a good-for-n00b tutorial on how to set this up?
Thanks in advance,
Christian Parpart.
--
02:47:24 up 123 days, 15:55, 0 users, load average: 3.33, 6.28, 4.35
