**This is an old revision of the document!**
IPSec for FreeBSD's jails communication
Abstract: Here we assume we have two FreeBSD hosts, A using public IP 1.1.1.1 and internal virtual net 192.168.3.0 for jails, and B using public IP 2.2.2.2 and internal net 192.168.6.0 for jails.
* [[http://www.freebsd.org/doc/en/books/handbook/kernelconfig-building.html|Compile]] a custom kernel with the following additional options
options IPSEC options IPSEC_FILTERTUNNEL device crypto
- Install racoon
# cd /usr/ports/sysutils/ipsec-tools/ # make install
* On host A:
/etc/rc.conf
cloned_interfaces="gif0" ifconfig_gif0="inet 192.168.3.1 192.168.6.1 tunnel 1.1.1.1 2.2.2.2" static_routes="internalnet1" route_internalnet1="-net 192.168.6.0/24 192.168.6.1" ipsec_enable="YES" ipsec_program="/usr/local/sbin/setkey" ipsec_file="/usr/local/etc/racoon/setkey.conf" # allows setting up spd policies on boot racoon_flags="-l /var/log/racoon.log && echo -n 'racoon'" racoon_enable="yes" gateway_enable="YES"