OpenForum RSS: ipsec, racoon � ��

ipsec, racoon � �� (umart)

Mon, 01 Jun 2009 13:05:33 GMT

>gsmrouter# less /usr/local/etc/racoon/ipsec.conf
>flush;
>spdflush;
>
>spdadd 10.112.223.224/27 172.16.0.0/24 any -P out ipsec esp/tunnel/yyy.yyy.yyy.yyy-xxx.xxx.xxx.xxx/require;
>spdadd 172.16.0.0/24 10.112.223.224/27 any -P in ipsec esp/tunnel/xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy/require;
>
>spdadd 10.112.223.224/27 10.111.0.0/19 any -P out ipsec esp/tunnel/yyy.yyy.yyy.yyy-xxx.xxx.xxx.xxx/require;
>spdadd 10.111.0.0/19 10.112.223.224/27 any -P in ipsec esp/tunnel/xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy/require;

�� require �� unique. �� !

ipsec, racoon � �� (umart)

Mon, 01 Jun 2009 11:08:33 GMT

>�� ipsec.conf, racoon.conf?

gsmrouter# less /usr/local/etc/racoon/racoon.conf
path include "/usr/local/etc/racoon";
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

log debug2;

padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}

listen {
isakmp yyy.yyy.yyy.yyy [500];
}

timer {
counter 5;
interval 20 sec;
persend 1;

phase1 30 sec;
phase2 15 sec;
}

remote xxx.xxx.xxx.xxx {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
initial_contact on;
initial_contact on;
proposal_check obey;
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}

sainfo address 10.112.223.224/27 any address 172.16.0.0/24 any {
pfs_group 2;
lifetime time 3600 sec;
encryption_algorithm aes128;
authentication_algorithm hmac_sha1;
compression_algorithm deflat

ipsec, racoon � �� (kamserg)

Mon, 01 Jun 2009 10:41:57 GMT

>�� ,
>
>�� freebsd � �� Cisco. � ipsec.conf ��
>�� , �� (��
>��). �� racoon'a, ipsec'a �� ?

�� ipsec.conf, racoon.conf?

OpenForum RSS: ipsec, racoon � ��������� �����

ipsec, racoon � ��������� ����� (umart)

ipsec, racoon � ��������� ����� (umart)

ipsec, racoon � ��������� ����� (kamserg)

OpenForum RSS: ipsec, racoon � ��

ipsec, racoon � �� (umart)

ipsec, racoon � �� (umart)

ipsec, racoon � �� (kamserg)