Kame


/etc/setkey.conf

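#!/usr/sbin/setkey -f
# IPsec security policies (SPD) for the site-to-site tunnel between the local
# network 192.168.254.0/24 (gateway 217.91.41.188) and the remote network
# 192.168.200.0/21 (gateway 217.89.52.3). The SAs themselves are negotiated
# by racoon; this file only tells the kernel which traffic must use ESP.

# Start from a clean state: remove all SAD entries, then all SPD entries.
flush;
spdflush;

# Outbound: traffic from the local to the remote network must be sent through
# an ESP tunnel. Tunnel endpoints are written as <source>-<destination>.
spdadd 192.168.254.0/24 192.168.200.0/21 any -P out ipsec
       esp/tunnel/217.91.41.188-217.89.52.3/require;

# Inbound: the mirror image of the outbound policy. The tunnel endpoints are
# reversed (remote gateway first, local gateway second); using the remote
# address on both sides would not match the SA negotiated for this tunnel.
# "require" makes the kernel drop matching packets that arrive unprotected.
spdadd 192.168.200.0/21 192.168.254.0/24 any -P in ipsec
       esp/tunnel/217.89.52.3-217.91.41.188/require;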

Starten von setkey

# Load the policies from the file (run as root). The result can be checked
# afterwards with "setkey -DP", which dumps the installed SPD entries.
setkey -f /etc/setkey.conf

/etc/racoon.conf

# Phase 1 (IKE) settings for the peer 217.89.52.3. Every value in the proposal
# has to match what the peer is configured with, so change both sides together.

# File that maps peer addresses to their pre-shared keys.
path pre_shared_key "/etc/psk.txt";
remote 217.89.52.3 {
  # Main mode keeps the identity exchange encrypted; prefer it over aggressive
  # mode when authenticating with a pre-shared key.
  exchange_mode main;
  proposal {
  # NOTE(review): 3des and md5 are legacy algorithms. If the peer supports
  # them, use "encryption_algorithm aes;" and "hash_algorithm sha256;" instead.
  encryption_algorithm 3des;
  hash_algorithm md5;
  # Authentication relies entirely on the secrecy and strength of the key in
  # /etc/psk.txt.
  authentication_method pre_shared_key;
  # modp1536 is DH group 5; modp2048 (group 14) gives a larger margin if both
  # ends can be changed.
  dh_group modp1536;
  }
}

# Phase 2 (IPsec SA) settings for traffic between the two networks. The
# selectors must correspond to the networks used in /etc/setkey.conf.
sainfo address 192.168.254.0/24 any address 192.168.200.0/21 any {
       # A fresh DH exchange per phase 2 negotiation (perfect forward secrecy).
       pfs_group  modp1536;
       # NOTE(review): 3des and hmac_md5 are legacy choices. If the peer
       # supports them, prefer "aes" and "hmac_sha256"; both ends must agree.
       encryption_algorithm 3des;
       authentication_algorithm hmac_md5;
       compression_algorithm deflate;
}

/etc/psk.txt

# Format: <peer address> <pre-shared key>, one peer per line.
# The file must be owned by the user running racoon and must not be accessible
# by anyone else (e.g. mode 0600); racoon rejects the file otherwise.
# The key below is the page's sample value. In production use a long, randomly
# generated key and never publish it.
217.89.52.3     schmeich-daneich-gleich

Starten von racoon

# -F keeps racoon in the foreground (useful while testing, since messages go
# to the terminal); -f names the configuration file to read.
racoon -Ff /etc/racoon.conf

