Subject: Re: IPSec w. IPv4 Wierdness
To: None <firstname.lastname@example.org, email@example.com, firstname.lastname@example.org>
From: Alex Barclay <email@example.com>
Date: 01/01/2001 19:17:16
> I'm going to continue attempting to get racoon working instead of isakmpd
> as it may be a better fit with netbsd.
So I got racoon working. To establish the security policy I did:
route -n add -net 10.2.0.0 10.3.3.3
setkey -c << EOF
spdadd 10.3.3.0/24 10.2.0.0/16 any -P out ipsec
spdadd 10.2.0.0/16 10.3.3.0/24 any -P in ipsec
The racoon config was:
# $KAME: racoon.conf.sample,v 1.20 2000/11/03 15:08:03 sakane Exp $
path pre_shared_key "/etc/racoon/psk.txt" ;
authentication_method pre_shared_key ;
encryption_algorithm 3des, blowfish, des, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
The psk.txt file is my little secret :-)
This appears to work in both directions correctly for telnet, X11. I'll
let you know in the next couple of weeks how it works for other stuff like
H.323, MGCP and SIP which are my day job.
As I had already said, the other end of this is a Cisco 2600 running
IOS 12.0.7 single DES.
This also appears to be reproducible. I can clear the routes and SPD
entries and restart them a number of times.
I'd like to thank the kame folks for a great job.
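
An added example, not part of the original message or of the KAME project's code: a small Python check over the algorithm lines quoted in the racoon config above. It flags single DES and HMAC-MD5, and shows that a peer limited to single DES, as the Cisco end is described, leaves DES as the only cipher both ends share. The weak-algorithm set, the function names and the sample text are assumptions of this example.

```python
import re

# Assumption of this example (not stated in the post): 56-bit DES and
# HMAC-MD5 are the entries to flag.
WEAK = {
    "encryption_algorithm": {"des"},
    "authentication_algorithm": {"hmac_md5", "md5"},
}
STMT = re.compile(
    r"^\s*(encryption_algorithm|authentication_algorithm)\s+([^;]+);", re.M)

def parse_algorithms(conf_text):
    """Return {directive: [algorithms in configured order]}."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments such as the $KAME$ line
    found = {}
    for directive, value in STMT.findall(text):
        algs = [a.strip() for a in value.split(",") if a.strip()]
        found.setdefault(directive, []).extend(algs)
    return found

def audit(conf_text):
    """List (directive, algorithm) pairs that appear in the WEAK set."""
    return [(d, a) for d, algs in parse_algorithms(conf_text).items()
            for a in algs if a in WEAK[d]]

def common_with_peer(conf_text, directive, peer_algs):
    """Algorithms both ends accept, kept in the local configured order."""
    local = parse_algorithms(conf_text).get(directive, [])
    return [a for a in local if a in peer_algs]

def hardened_line(directive, algs):
    """Rebuild a directive line with the flagged algorithms removed."""
    kept = [a for a in algs if a not in WEAK[directive]]
    return f"{directive} {', '.join(kept)} ;"

# Constructed sample: only the lines quoted in the message, nothing more.
SAMPLE = '''
# $KAME: racoon.conf.sample,v 1.20 2000/11/03 15:08:03 sakane Exp $
path pre_shared_key "/etc/racoon/psk.txt" ;
authentication_method pre_shared_key ;
encryption_algorithm 3des, blowfish, des, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
'''

if __name__ == "__main__":
    for directive, alg in audit(SAMPLE):
        print(f"weak: {directive} allows {alg}")
    print("shared with a DES-only peer:",
          common_with_peer(SAMPLE, "encryption_algorithm", {"des"}))
    for directive, algs in parse_algorithms(SAMPLE).items():
        print("suggested:", hardened_line(directive, algs))
```

Removing `des` from the list only helps once the peer can offer something stronger; with a DES-only peer the hardened list has no cipher in common and negotiation fails rather than falling back.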