Subject: Re: IPSec config and RACOON
To: None <mike@wkla.com>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 08/29/2001 07:39:34
In some email I received from mike@wkla.com, sie wrote:
> I have made a custom kernel with IPSec ON. Unfortunately, there was no
> ipsec.conf that was created in the process. What does ipsec.conf contain,
> and is there an example of this file?

FWIW, my ipsec.conf looks like this:

#! /bin/sh
#
/usr/local/v6/sbin/setkey -c << __EOF__
spdflush;
flush;
#
# Manual keying for Solaris8
#
add 192.168.1.222 192.168.1.254 esp 0x105 \
	-E des-cbc deskey1 -A hmac-md5 md5key1;
add 192.168.1.254 192.168.1.222 esp 0x106 \
	-E des-cbc deskey2 -A hmac-md5 md5key2;
spdadd 192.168.1.254 192.168.1.222 any -P out ipsec esp/transport//require;
spdadd 192.168.1.222 192.168.1.254 any -P in ipsec esp/transport//require;
#
# For a tunnel to a win2k box. destip is a remote box. for example:
# destip = 128.0.1.1/32
# tunnelsrc = 192.168.10.10/32
# localip = 192.168.10.1/32
#
spdadd destip tunnelsrc any
        -P out ipsec esp/tunnel/localip-tunnelsrc/require;
spdadd tunnelsrc destip any
        -P in ipsec esp/tunnel/tunnelsrc-localip/require;
#
__EOF__
exit

If you are using 1.5 or 1.5.1 or 1.5.2, download the latest KAME snapshot
and install that.  isakmpd is a PoS.  racoon is much better.

Darren
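
Added example, not part of the original message: a Python check of the key arguments in setkey `add` statements (deskey1, md5key1 and so on in the config above). It verifies that each key is in one of the two forms setkey accepts, a double-quoted string or 0x hex, and has the length its algorithm needs. The sample input is constructed, the function names are hypothetical, and the key sizes are the fixed sizes listed in setkey(8).

```python
import re

# Fixed key sizes in bytes, as listed in setkey(8).
KEY_BYTES = {"des-cbc": 8, "3des-cbc": 24, "hmac-md5": 16, "hmac-sha1": 20}
TOKEN = re.compile(r'"[^"]*"|;|[^\s;"]+')

SAMPLE = r"""# constructed sample, not from the original message
add 192.168.1.222 192.168.1.254 esp 0x105 \
    -E des-cbc "EXAMPLE1" -A hmac-md5 "example-md5-key1";
add 192.168.1.254 192.168.1.222 esp 0x106 \
    -E des-cbc deskey2 -A hmac-md5 "short";
spdadd 192.168.1.254 192.168.1.222 any -P out ipsec esp/transport//require;
"""

def statements(text):
    """Yield each ';'-terminated setkey statement as a list of tokens."""
    text = text.replace("\\\n", " ")  # the unquoted heredoc joins these lines
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    stmt = []
    for tok in TOKEN.findall(body):
        if tok != ";":
            stmt.append(tok)
        elif stmt:
            yield stmt
            stmt = []

def key_length(tok):
    """Key size in bytes, or None if tok is neither "string" nor 0xHEX."""
    if len(tok) >= 2 and tok[0] == tok[-1] == '"':
        return len(tok) - 2
    if re.fullmatch(r"0x([0-9a-fA-F]{2})+", tok):
        return (len(tok) - 2) // 2
    return None

def check(text):
    """Return (spi, algorithm, problem) for every bad key in 'add' statements."""
    problems = []
    for stmt in statements(text):
        if stmt[0] != "add" or len(stmt) < 5:
            continue  # only SAD entries carry keys; stmt[4] is the SPI
        for i, tok in enumerate(stmt):
            if tok in ("-E", "-A"):
                algo, key = (stmt + ["", ""])[i + 1:i + 3]
                size, want = key_length(key), KEY_BYTES.get(algo)
                if size is None:
                    problems.append((stmt[4], algo, 'not a "string" or 0xHEX key'))
                elif want and size != want:
                    problems.append((stmt[4], algo, f"{size}-byte key, expected {want}"))
    return problems
```

Pass `check()` the text that sits between the heredoc markers; an empty list means every key has a valid form and the right length.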