Jason Dixon wrote: > # ... setup keys ... > # cd /etc/isakmpd > # openssl genrsa -out private/local.key 1024 > # chmod 600 private/local.key > # openssl rsa -out pubkeys/`hostname`.pub -in private/local.key -pubout > # ln pubkeys/`hostname`.pub pubkeys/ipv4/10.0.0.2 > # scp pubkeys/ipv4/10.0.0.2 [EMAIL PROTECTED]:/etc/isakmpd/pubkeys/ipv4/ > > # ... setup flows ... > # echo 'flow esp from 10.20.20.0/24 to 10.30.30.0/24 peer 10.0.0.3' > > /etc/ipsec.conf > # ipsecctl -f /etc/ipsec.conf > # echo 'Authorizer: "POLICY"' > /etc/isakmpd/isakmpd.policy > # chmod 600 /etc/isakmpd/isakmpd.policy > # isakmpd
isakmpd -Ka can do it's job even without policy file.
