how to add an ipsec connection on ubuntu dapper

this is using racoon for ike and ipsec-tools. i didn’t use racoon-tool (or whatever the debian-added config wrapper for racoon is called) because it wouldn’t start up properly for me: problems loading modules.

i believe the only extra packages installed past the server defaults were shorewall (the firewall), racoon and ipsec-tools.

here’s the notes i took for adding a connection to a new remote host.

  • add pre shared key to /etc/racoon/psk.txt
  • update /etc/racoon/racoon.conf by adding remote and sainfo sections similar to an existing entry. sainfo requires encryption_algorithm, authentication_algorithm and compression_algorithm entries.
  • add spdadd entry pairs, one for local-to-remote network and one for remote-to-local, in /etc/ipsec-tools.conf.
  • stop racoon: /etc/init.d/racoon stop
  • restart ipsec: /etc/init.d/setkey restart
  • start racoon: /etc/init.d/racoon start
  • if racoon doesn’t start, check /var/log/daemon.log for config errors.
  • add an entry to /etc/shorewall/tunnels to define the remote gateway
  • add an entry to /etc/shorewall/zones to create a zone to use for rules. the zone name can’t be more than 5 characters long.
  • add entries in the /etc/shorewall/hosts to define what hosts are in the zone
  • add entries to /etc/shorewall/policy for whatever firewalling rules need to be created for the vpn. at a minimum, entries allowing full access from loc to vpn and vpn to loc would be necessary, since everything gets dropped by default.
  • restart shorewall: /etc/init.d/shorewall restart
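as an added example that is not in the original notes, here’s a small shell script that spits out the config fragments the steps above describe for one new remote. the addresses are made-up samples, and the racoon proposal settings (aes, sha1, modp1024, main mode) are my assumptions rather than anything from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the config fragments the
# steps above describe for one new remote gateway; every address below is a
# constructed sample, and the racoon proposal values are assumptions to adjust.

# spdadd pair for /etc/ipsec-tools.conf: one policy per direction of the tunnel.
# $1 local net, $2 remote net, $3 local gateway, $4 remote gateway
gen_spd() {
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' "$1" "$2" "$3" "$4"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' "$2" "$1" "$4" "$3"
}

# remote and sainfo sections for /etc/racoon/racoon.conf. sainfo needs all three
# *_algorithm entries; leaving one out is the kind of config error that lands in
# /var/log/daemon.log when racoon refuses to start.
# $1 remote gateway, $2 local net, $3 remote net
gen_racoon() {
    cat <<EOF
remote $1 {
        exchange_mode main;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
sainfo address $2 any address $3 any {
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
EOF
}

# /etc/shorewall/policy lines: full access both ways between loc and the vpn zone.
# $1 zone name; shorewall rejects names longer than 5 characters, so fail early.
gen_policy() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 5 ] || return 1
    printf '%s\tloc\tACCEPT\n' "$1"
    printf 'loc\t%s\tACCEPT\n' "$1"
}

# sample run with constructed addresses (RFC 5737 ranges for the gateways)
gen_spd 192.168.1.0/24 10.9.0.0/24 198.51.100.2 203.0.113.5
gen_racoon 203.0.113.5 192.168.1.0/24 10.9.0.0/24
gen_policy vpn
```

redirect each function’s output into the matching file (or paste it in) and then follow the stop/restart/start order above; gen_policy exits non-zero for a zone name shorewall would reject.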

2 Responses to “how to add an ipsec connection on ubuntu dapper”

  1. Peter says:

    this was really meaningful.