IPSEC on 5.5
jon at axismilton.ltd.uk
Thu Oct 19 20:17:27 BST 2006
I'm trying to get IPSEC going on 5.5 according to http://
There seem to be a few anomalies in the racoon department like it's
racoon2 that exists as a port, its startup rc is slightly broken. It
wants to run /usr/local/etc/rc.d/spmd and friends whereas spmd.sh
Should I be trying isakmpd instead?
I've got some untested script for setting up multiple VPNs that reads
lines from a file containing addresses, psk etc. and builds suitable
bits of ipf.conf (yes I like ipfilter), ipsec.conf and something to
be included by rc.conf according to the example in the handbook page.
What do other folk use and can the documentation be fixed please? I
have briefly tinkered with ipsec in the past but never with key
negotiation. I think I might try to stick with manual keying for the
time being unless somebody can confirm racoon's brokenness is only in
the rc scripts.
Also why are both esp and ipencap protocols allowed when presumably
only one flows?