Hi Claude,
Do you think that it is enough to edit the entries
in /var/etc/racoon.conf? What about /var/etc/spd.conf? I'm asking since
I'm writing the code for bringing groups to IPSEC config (probably we'll
see it after 1.2final), but I'm not an expert in configuring
racoon/kame.
Ciao ...
... PIT ...
On Thursday, 21.04.2005, at 08:54 +0200, Claude Hecker wrote:
> Create the first tunnel with the gui interface ..
> Switch to .../edit.php and edit /var/etc/racoon.conf like this
>
> path pre_shared_key "/var/etc/psk.txt";
>
> remote 201.52.32.34 {
>     exchange_mode aggressive;
>     my_identifier address "203.123.63.195";
>     peers_identifier address "201.52.32.34";
>     initial_contact on;
>     support_proxy on;
>     proposal_check claim;
>
>     proposal {
>         encryption_algorithm 3des;
>         hash_algorithm sha1;
>         authentication_method pre_shared_key;
>         dh_group 2;
>     }
> }
>
> sainfo address 192.168.3.0/24 any address 10.1.128.0/24 any {
>     encryption_algorithm 3des;
>     authentication_algorithm hmac_sha1;
>     compression_algorithm deflate;
>     lifetime time 3600 secs;
> }
>
> sainfo address 10.1.0.0/22 any address 10.1.128.0/24 any {
>     encryption_algorithm 3des;
>     authentication_algorithm hmac_sha1;
>     compression_algorithm deflate;
>     lifetime time 3600 secs;
> }
>
> sainfo address 10.1.12.0/22 any address 10.1.128.0/24 any {
>     encryption_algorithm 3des;
>     authentication_algorithm hmac_sha1;
>     compression_algorithm deflate;
>     lifetime time 3600 secs;
> }
---------------------------------------------------------------------------
copyleft(c) by | "Besides, I think Slackware sounds better
Peter Allgeyer | _-_ than 'Microsoft,' don't you?" (By Patrick
| 0(o_o)0 Volkerding)
---------------oOO--(_)--OOo-----------------------------------------------
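
Added example (not part of the original message, and not the project's own code): in a KAME setup the kernel SPD loaded by setkey decides which traffic enters the tunnel, so each `sainfo` pair in racoon.conf normally has a matching outbound and inbound `spdadd` policy. The sketch below lists the policies the quoted `sainfo` sections imply but a given spd.conf lacks; the spd.conf contents, the ESP protocol, the `require` level and the use of the two identifier addresses as tunnel endpoints are assumptions.

```python
import re

# Constructed input: the three sainfo headers from the quoted racoon.conf.
RACOON_CONF = """
sainfo address 192.168.3.0/24 any address 10.1.128.0/24 any {
sainfo address 10.1.0.0/22 any address 10.1.128.0/24 any {
sainfo address 10.1.12.0/22 any address 10.1.128.0/24 any {
"""
# Constructed input: an spd.conf holding only the GUI-created first tunnel.
SPD_CONF = """
spdadd 192.168.3.0/24 10.1.128.0/24 any -P out ipsec esp/tunnel/203.123.63.195-201.52.32.34/require;
spdadd 10.1.128.0/24 192.168.3.0/24 any -P in ipsec esp/tunnel/201.52.32.34-203.123.63.195/require;
"""
LOCAL_GW, REMOTE_GW = "203.123.63.195", "201.52.32.34"  # assumed tunnel endpoints

SAINFO_RE = re.compile(
    r"^\s*sainfo\s+address\s+(\S+)\s+any\s+address\s+(\S+)\s+any", re.M)
SPDADD_RE = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+any\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([^-\s]+)-([^/\s]+)/", re.M)

def sainfo_pairs(racoon_text):
    """(local_net, remote_net) for every 'sainfo address A any address B any'."""
    return SAINFO_RE.findall(racoon_text)

def expected_policies(pairs, local_gw, remote_gw):
    """One outbound and one inbound tunnel policy per sainfo pair."""
    want = set()
    for local_net, remote_net in pairs:
        want.add((local_net, remote_net, "out", local_gw, remote_gw))
        want.add((remote_net, local_net, "in", remote_gw, local_gw))
    return want

def spd_policies(spd_text):
    """(src, dst, direction, tunnel_src, tunnel_dst) for every ESP tunnel spdadd."""
    return set(SPDADD_RE.findall(spd_text))

def missing_policies(racoon_text, spd_text, local_gw, remote_gw):
    """Policies implied by the sainfo sections but absent from spd.conf."""
    want = expected_policies(sainfo_pairs(racoon_text), local_gw, remote_gw)
    return sorted(want - spd_policies(spd_text))

def render(policy, level="require"):  # level is an assumption, not from the page
    src, dst, direction, tsrc, tdst = policy
    return (f"spdadd {src} {dst} any -P {direction} ipsec "
            f"esp/tunnel/{tsrc}-{tdst}/{level};")

if __name__ == "__main__":
    for p in missing_policies(RACOON_CONF, SPD_CONF, LOCAL_GW, REMOTE_GW):
        print(render(p))
```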