Racoon
/etc/setkey.conf
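#!/usr/sbin/setkey -f
# IPsec security policies for the tunnel between the local gateway
# 217.91.41.188 (net 192.168.254.0/24) and the remote gateway
# 217.89.52.3 (net 192.168.200.0/21).

# Clear the SA database and the policy database before loading.
# This removes ALL existing entries, including those of any other
# IPsec tunnel configured on this host.
flush;
spdflush;

# Outbound: local net -> remote net, ESP in tunnel mode, local -> remote gateway.
# "require" means matching traffic is only sent once an SA exists.
spdadd 192.168.254.0/24 192.168.200.0/21 any -P out ipsec
        esp/tunnel/217.91.41.188-217.89.52.3/require;

# Inbound: remote net -> local net, ESP in tunnel mode, remote -> local gateway.
# The endpoints must mirror the outbound policy. The original listing had
# 217.89.52.3 on both ends, which does not describe the tunnel above.
spdadd 192.168.200.0/21 192.168.254.0/24 any -P in ipsec
        esp/tunnel/217.89.52.3-217.91.41.188/require;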
Starten von setkey
# Load the policies from the file (run as root). The file begins with
# flush/spdflush, so every existing SA and policy on the host is cleared first.
setkey -f /etc/setkey.conf
/etc/racoon.conf
# File with one "<peer address> <key>" pair per line, used for PSK authentication.
path pre_shared_key "/etc/psk.txt";

# Phase 1 (IKE) settings for the remote gateway.
remote 217.89.52.3 {
        exchange_mode main;
        proposal {
                # NOTE(review): 3des and md5 are legacy algorithms. If the peer
                # supports it, prefer aes with sha256 and a larger DH group such
                # as modp2048. Both ends must be changed together or the
                # negotiation fails.
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1536;
        }
}

# Phase 2 (IPsec SA) settings for traffic between the two subnets;
# the address pair matches the spdadd policies in /etc/setkey.conf.
sainfo address 192.168.254.0/24 any address 192.168.200.0/21 any {
        # PFS: a fresh DH exchange is done for each phase 2 negotiation.
        pfs_group modp1536;
        # NOTE(review): same legacy choice as in phase 1 (3des / hmac_md5);
        # aes with hmac_sha256 is the stronger option where the peer allows it.
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
/etc/psk.txt
# Format: <peer address> <pre-shared key>
# racoon refuses a key file that is accessible to group or others;
# keep it root-owned with mode 0600 (chmod 600 /etc/psk.txt).
# NOTE(review): a word-based key like the one below is guessable. Use a long
# random value per peer and keep the real key out of documentation.
217.89.52.3 schmeich-daneich-gleich
Starten von racoon
# -F keeps racoon in the foreground (handy while testing the negotiation),
# -f selects the configuration file.
racoon -Ff /etc/racoon.conf