Subject: Re: IPSEC between 2 FreeBSD 5.4 ...help in the strugg [re: amp;]
Author: пaтилaн (Unregistered)
Posted: 10.11.05 15:04

Here is a working configuration, hope it helps:
ipsec.conf:
spdadd 10.1.1.1/32 10.1.2.1/32 any -P out ipsec esp/tunnel/a.b.c.d-e.f.g.h/require;
spdadd 10.1.2.1/32 10.1.1.1/32 any -P in ipsec esp/tunnel/e.f.g.h-a.b.c.d/require;
racoon on machine a.b.c.d:
psk.txt:
e.f.g.h XXXXXXXXXXXXXXXXXX
racoon.conf:
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

listen
{
    isakmp a.b.c.d [500];
}

# Phase 1 settings for any peer without its own "remote" section
remote anonymous
{
    exchange_mode main,aggressive;
    lifetime time 86400 sec;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
        lifetime time 86400 sec;
    }
}

# Phase 2 settings for any traffic without its own "sainfo" section
sainfo anonymous
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish ;
    authentication_algorithm hmac_sha1, hmac_md5, non_auth;
    compression_algorithm deflate ;
    lifetime time 43200 sec;
}

# Phase 1 settings for the peer e.f.g.h
remote e.f.g.h
{
    exchange_mode aggressive;
    my_identifier address "a.b.c.d";
    peers_identifier address "e.f.g.h";
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    lifetime time 28800 secs;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2;
        lifetime time 28800 secs;
    }
}

# Phase 2 settings for traffic between 10.1.1.1 and 10.1.2.1
sainfo address 10.1.1.1 any address 10.1.2.1 any
{
    pfs_group 2;
    lifetime time 86400 sec;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1 ;
    compression_algorithm deflate ;
}
On the other machine you swap the IPs EVERYWHERE and you're done.
Go for it, and good luck!
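
The "swap the IPs everywhere" step, as an added example that is not part of the original post: it mirrors a config in one pass (two sequential search-and-replace runs would collapse both addresses into one) and then checks that every spdadd tunnel points the right way for the host it is installed on. The addresses 192.0.2.1 and 198.51.100.1 are documentation placeholders assumed here for a.b.c.d and e.f.g.h, and the names `mirror` and `policy_errors` are hypothetical.

```python
import re

# Constructed sample: the post's ipsec.conf with its a.b.c.d / e.f.g.h
# placeholders filled in with documentation addresses (an assumption).
SITE_A = """\
spdadd 10.1.1.1/32 10.1.2.1/32 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.1.2.1/32 10.1.1.1/32 any -P in ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
"""
PAIRS = [("192.0.2.1", "198.51.100.1"), ("10.1.1.1", "10.1.2.1")]


def mirror(text, pairs):
    """Swap both addresses of every pair in a single pass.

    Two sequential search-and-replace passes would turn both addresses into
    the same one; one regex pass with a lookup table avoids that.
    """
    table = {}
    for a, b in pairs:
        table[a], table[b] = b, a
    alts = "|".join(re.escape(ip) for ip in table)
    # Whole addresses only, so 10.1.1.1 never matches inside 10.1.1.10.
    whole = re.compile(r"(?<![\d.])(?:" + alts + r")(?!\d|\.\d)")
    return whole.sub(lambda m: table[m.group(0)], text)


SPD = re.compile(r"^spdadd\s+\S+\s+\S+\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
                 r"esp/tunnel/([\d.]+)-([\d.]+)/", re.M)


def policy_errors(text, local_gw):
    """Return spdadd lines whose tunnel direction does not fit this host."""
    bad = []
    for m in SPD.finditer(text):
        direction, src, dst = m.groups()
        # Outbound tunnels start at the local gateway, inbound ones end there.
        local_end = src if direction == "out" else dst
        if local_end != local_gw:
            bad.append(m.group(0))
    return bad


if __name__ == "__main__":
    site_b = mirror(SITE_A, PAIRS)
    print(site_b)
    print("errors on B:", policy_errors(site_b, "198.51.100.1"))
```

The same `mirror` call works on psk.txt and racoon.conf, since it only touches the listed addresses.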