Subject: Re: IPSec config and RACOON
To: None <>
From: Darren Reed <>
List: tech-net
Date: 08/29/2001 07:39:34
In some email I received from, sie wrote:
> I have made a custom kernel with IPSec ON. Unfortunately, there was no
> ipsec.conf that was created in the process. What does ipsec.conf contain,
> and is there an example of this file?

FWIW, my ipsec.conf looks like this:

#! /bin/sh
/usr/local/v6/sbin/setkey -c << __EOF__
# Manual keying for Solaris8
add esp 0x105 \
	-E des-cbc deskey1 -A hmac-md5 md5key1;
add esp 0x106 \
	-E des-cbc deskey2 -A hmac-md5 md5key2;
spdadd any -P out ipsec esp/transport//require;
spdadd any -P in ipsec esp/transport//require;
# For a tunnel to a win2k box. destip is a remote box. for example:
# destip =
# tunnelsrc =
# localip =
spdadd destip tunnelsrc any
        -P out ipsec esp/tunnel/localip-tunnelsrc/require;
spdadd tunnelsrc destip any
        -P in ipsec esp/tunnel/tunnelsrc-localip/require;
__EOF__

If you are using 1.5 or 1.5.1 or 1.5.2, download the latest KAME snapshot
and install that.  isakmpd is a PoS.  racoon is much better.
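
An added example, not part of the original message: a small audit of setkey -c input like the file above, reporting manually keyed SAs, ESP algorithms that RFC 8221 lists as MUST NOT (des-cbc, hmac-md5), and policies whose level is "use". The addresses and keys in SAMPLE are constructed placeholders, and the function names are this example's own.

```python
import shlex

# Assumption of this example: RFC 8221 lists both as MUST NOT for ESP.
DEPRECATED = {"-E": {"des-cbc"}, "-A": {"hmac-md5"}}

# Constructed sample (documentation addresses, placeholder keys), not from the post.
SAMPLE = r'''
add 192.0.2.1 192.0.2.2 esp 0x105 \
    -E des-cbc "deskey01" -A hmac-md5 "md5key0123456789";
add 192.0.2.2 192.0.2.1 esp 0x106
    -E rijndael-cbc "0123456789abcdef" -A hmac-sha1 "0123456789abcdefghij";
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require;
spdadd 192.0.2.2 192.0.2.1 any -P in ipsec esp/transport//use;
'''

def statements(text):
    """Token lists for each ';'-terminated statement; '#' comments dropped.
    Simplification: keys containing '#' or ';' are not handled."""
    lines = (ln.split("#", 1)[0].rstrip().rstrip("\\") for ln in text.splitlines())
    return [shlex.split(s) for s in " ".join(lines).split(";") if s.strip()]

def audit(text):
    """Return (subject, finding) pairs for 'add' and 'spdadd' statements."""
    findings = []
    for tok in statements(text):
        if tok[0] == "add" and len(tok) > 4:   # add src dst proto spi ...
            sa = f"SA spi {tok[4]}"
            findings.append((sa, "manual key: static, never rekeyed"))
            for flag, bad in DEPRECATED.items():
                if flag in tok[:-1] and tok[tok.index(flag) + 1] in bad:
                    findings.append((sa, "deprecated " + tok[tok.index(flag) + 1]))
        elif tok[0] == "spdadd" and "-P" in tok and len(tok) > 2:
            pol = f"policy {tok[1]} -> {tok[2]}"
            # After -P come direction, policy type, then proto/mode/src-dst/level.
            for req in tok[tok.index("-P") + 3:]:
                if req.split("/")[-1] == "use":
                    findings.append((pol, "level 'use' permits cleartext fallback"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```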