Subject: IPsec.conf
To: None <port-i386@netbsd.org>
From: dkwok <dkwok@iware.com.au>
List: port-i386
Date: 04/28/2001 14:53:19

Trying very hard to understand ipsec; however, documentation is rather
scarce.

I can set up ipsec between 2 machines with racoon. Now I am trying to
automate the process. I understand rc.conf can turn on ipsec:

ipsec="YES"  #use /etc/ipsec.conf

What is the format and content of /etc/ipsec.conf?

Is there an example of ipsec.conf?

In setting up a VPN, the VPN gateway has to have a public IP and cannot be
hiding behind NAT. Is my understanding correct?

With a lot of ISPs only giving out dynamic IPs, is it possible to set up a
security policy with dynamic IPs for the VPN gateways?

David Kwok
