public:ipsec [2011/01/29 20:53] – grrrr Nico | public:ipsec [2012/03/09 22:43] (current) – [IPSec for FreeBSD's jails communication] typo Nico | ||
Line 1: | Line 1: | ||
====== IPSec for FreeBSD' | ====== IPSec for FreeBSD' | ||
- | **Abstract**: | + | **Abstract**: |
===== Preparation on both hosts ===== | ===== Preparation on both hosts ===== | ||
Line 30: | Line 30: | ||
cloned_interfaces=" | cloned_interfaces=" | ||
ifconfig_gif0=" | ifconfig_gif0=" | ||
- | static_routes=" | + | static_routes=" |
- | route_internalnet1="-net 192.168.6.0/ | + | route_internalnet2="-net 192.168.6.0/ |
ipv6_ifconfig_gif0=" | ipv6_ifconfig_gif0=" | ||
Line 54: | Line 54: | ||
spdadd 192.168.3.0/ | spdadd 192.168.3.0/ | ||
spdadd 192.168.6.0/ | spdadd 192.168.6.0/ | ||
+ | spdadd 2001: | ||
+ | spdadd 2001: | ||
</ | </ | ||
Line 62: | Line 64: | ||
# IPv4/v6 addresses | # IPv4/v6 addresses | ||
# | # | ||
- | 2.2.2.2 | + | 2.2.2.2 |
+ | 2001: | ||
</ | </ | ||
Line 92: | Line 95: | ||
{ | { | ||
isakmp | isakmp | ||
+ | isakmp | ||
+ | | ||
} | } | ||
remote 2.2.2.2 [500] | remote 2.2.2.2 [500] | ||
+ | { | ||
+ | exchange_mode | ||
+ | doi | ||
+ | situation | ||
+ | my_identifier | ||
+ | peers_identifier | ||
+ | lifetime | ||
+ | passive | ||
+ | proposal_check | ||
+ | | ||
+ | generate_policy off; | ||
+ | |||
+ | proposal { | ||
+ | encryption_algorithm | ||
+ | hash_algorithm | ||
+ | authentication_method | ||
+ | lifetime time 30 sec; | ||
+ | dh_group | ||
+ | } | ||
+ | } | ||
+ | |||
+ | remote 2001: | ||
{ | { | ||
exchange_mode | exchange_mode | ||
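Review bot: The phase-1 proposal added for the new IPv6 `remote 2001:…` block carries `lifetime time 30 sec;`, which makes racoon renegotiate the ISAKMP SA every 30 seconds; if that is a leftover test value rather than a deliberate choice, a lifetime in the hour range is the usual setting, `lifetime time 1 hour;`. The values after most other keys in this block (`encryption_algorithm`, `hash_algorithm`, `authentication_method`, `dh_group`, `passive`, `proposal_check`) are cut off in this rendering, so the cipher, DH group and authentication choices cannot be checked from the diff itself. The same block is repeated for the other host in the Line 224 hunk, where the same remark applies. The new `remote 2001:…` block starts here and continues past the end of this hunk.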
Line 133: | Line 160: | ||
} | } | ||
+ | sainfo | ||
+ | { # $network must be the two internal networks you are joining. | ||
+ | pfs_group | ||
+ | lifetime | ||
+ | encryption_algorithm | ||
+ | authentication_algorithm | ||
+ | compression_algorithm | ||
+ | } | ||
+ | sainfo | ||
+ | { # $network must be the two internal networks you are joining. | ||
+ | pfs_group | ||
+ | lifetime | ||
+ | encryption_algorithm | ||
+ | authentication_algorithm | ||
+ | compression_algorithm | ||
+ | } | ||
</ | </ | ||
+ | |||
=== Start === | === Start === | ||
Line 143: | Line 187: | ||
# ifconfig gif0 192.168.3.1 192.168.6.1 | # ifconfig gif0 192.168.3.1 192.168.6.1 | ||
# ifconfig gif0 tunnel 1.1.1.1 2.2.2.2 | # ifconfig gif0 tunnel 1.1.1.1 2.2.2.2 | ||
+ | # ifconfig gif0 inet6 2001: | ||
# route add 192.168.6.0 192.168.6.1 255.255.255.0 | # route add 192.168.6.0 192.168.6.1 255.255.255.0 | ||
+ | # route add -inet6 2001: | ||
# / | # / | ||
# / | # / | ||
Line 186: | Line 232: | ||
spdadd 192.168.6.0/ | spdadd 192.168.6.0/ | ||
spdadd 192.168.3.0/ | spdadd 192.168.3.0/ | ||
+ | spdadd 2001: | ||
+ | spdadd 2001: | ||
</ | </ | ||
Line 194: | Line 242: | ||
# IPv4/v6 addresses | # IPv4/v6 addresses | ||
# | # | ||
- | 1.1.1.1 | + | 1.1.1.1 |
+ | 2001: | ||
</ | </ | ||
Line 224: | Line 273: | ||
{ | { | ||
isakmp | isakmp | ||
+ | isakmp | ||
} | } | ||
remote 1.1.1.1 [500] | remote 1.1.1.1 [500] | ||
+ | { | ||
+ | exchange_mode | ||
+ | doi | ||
+ | situation | ||
+ | my_identifier | ||
+ | peers_identifier | ||
+ | lifetime | ||
+ | passive | ||
+ | proposal_check | ||
+ | | ||
+ | generate_policy off; | ||
+ | |||
+ | proposal { | ||
+ | encryption_algorithm | ||
+ | hash_algorithm | ||
+ | authentication_method | ||
+ | lifetime time 30 sec; | ||
+ | dh_group | ||
+ | } | ||
+ | } | ||
+ | |||
+ | remote 2001: | ||
{ | { | ||
exchange_mode | exchange_mode | ||
Line 265: | Line 337: | ||
} | } | ||
+ | sainfo | ||
+ | { # $network must be the two internal networks you are joining. | ||
+ | pfs_group | ||
+ | lifetime | ||
+ | encryption_algorithm | ||
+ | authentication_algorithm | ||
+ | compression_algorithm | ||
+ | } | ||
+ | sainfo | ||
+ | { # $network must be the two internal networks you are joining. | ||
+ | pfs_group | ||
+ | lifetime | ||
+ | encryption_algorithm | ||
+ | authentication_algorithm | ||
+ | compression_algorithm | ||
+ | } | ||
</ | </ | ||
Line 275: | Line 363: | ||
# ifconfig gif0 192.168.6.1 192.168.3.1 | # ifconfig gif0 192.168.6.1 192.168.3.1 | ||
# ifconfig gif0 tunnel 2.2.2.2 1.1.1.1 | # ifconfig gif0 tunnel 2.2.2.2 1.1.1.1 | ||
+ | # ifconfig gif0 inet6 2001: | ||
# route add 192.168.3.0 192.168.3.1 255.255.255.0 | # route add 192.168.3.0 192.168.3.1 255.255.255.0 | ||
+ | # route add -inet6 2001: | ||
# / | # / | ||
# / | # / |