 From:  Claude Hecker <claude dot hecker at phoenix dash mecano dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Site to Site IPSEC VPN with multiple LAN Subnets on one side.
 Date:  Tue, 10 May 2005 22:14:25 +0200
Hi Peter,

You're right... It's not enough, and Chris was right in saying it would be lost
after a reboot... I forgot to talk about that...

You can see how it would be done in the file /etc/inc/vpn.inc....

BTW, we can talk directly in German; I'm interested in your coding.

Regards
Claude

On 10.05.2005 at 19:48, "Peter Allgeyer" <allgeyer at web dot de> wrote:

> Hi Claude,
> 
> do you think that it is enough, editing the entries
> in /var/etc/racoon.conf? What about /var/etc/spd.conf? I'm asking since
> I'm writing the code for bringing groups to IPSEC config (probably we'll
> see it after 1.2final), but I'm not an expert in configuring
> racoon/kame.
> 
> Ciao ...
> ... PIT ...
> 
> On Thursday, 21.04.2005, 08:54 +0200, Claude Hecker wrote:
>> Create the first tunnel with the gui interface ..
>> Switch to .../edit.php and edit /var/etc/racoon.conf like this
>> 
>> path pre_shared_key "/var/etc/psk.txt";
>> 
>> remote 201.52.32.34 {
>>     exchange_mode aggressive;
>>     my_identifier address  "203.123.63.195";
>>     peers_identifier address "201.52.32.34";
>>     initial_contact on;
>>     support_proxy on;
>>     proposal_check claim;
>> 
>>     proposal {
>>         encryption_algorithm 3des;
>>         hash_algorithm sha1;
>>         authentication_method pre_shared_key;
>>         dh_group 2;
>>     }
>> }
>> 
>> sainfo address 192.168.3.0/24 any address 10.1.128.0/24 any {
>>     encryption_algorithm 3des;
>>     authentication_algorithm hmac_sha1;
>>     compression_algorithm deflate;
>>     lifetime time 3600 secs;
>> }
>> 
>> sainfo address 10.1.0.0/22  any address 10.1.128.0/24 any {
>>     encryption_algorithm 3des;
>>     authentication_algorithm hmac_sha1;
>>     compression_algorithm deflate;
>>     lifetime time 3600 secs;
>> }
>> 
>> sainfo address 10.1.12.0/22  any address 10.1.128.0/24 any {
>>     encryption_algorithm 3des;
>>     authentication_algorithm hmac_sha1;
>>     compression_algorithm deflate;
>>     lifetime time 3600 secs;
>> }
> 
> 
> ---------------------------------------------------------------------------
>  copyleft(c) by |           "Besides, I think  Slackware  sounds better
>  Peter Allgeyer |   _-_     than 'Microsoft,' don't you?" (By Patrick
>                 | 0(o_o)0   Volkerding)
> ---------------oOO--(_)--OOo-----------------------------------------------
> 
> 
> 
>
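The thread's open point is that adding `sainfo` sections to racoon.conf is not enough without matching entries in spd.conf. The sketch below is an added example, not part of the original messages and not m0n0wall code: it lists the setkey `spdadd` policies that the quoted `sainfo` sections would still need. The spd.conf contents, the in/out pair per subnet and the `unique` level are assumptions, since the thread does not show that file.

```python
import re

# Constructed sample: the three sainfo headers from the quoted racoon.conf.
RACOON_CONF = """
sainfo address 192.168.3.0/24 any address 10.1.128.0/24 any {
sainfo address 10.1.0.0/22  any address 10.1.128.0/24 any {
sainfo address 10.1.12.0/22  any address 10.1.128.0/24 any {
"""
# Constructed sample spd.conf (assumed layout): only the first tunnel is present.
SPD_CONF = """
spdadd 192.168.3.0/24 10.1.128.0/24 any -P out ipsec esp/tunnel/203.123.63.195-201.52.32.34/unique;
spdadd 10.1.128.0/24 192.168.3.0/24 any -P in ipsec esp/tunnel/201.52.32.34-203.123.63.195/unique;
"""
LOCAL_GW, REMOTE_GW = "203.123.63.195", "201.52.32.34"  # from the quoted config

SAINFO_RE = re.compile(
    r"^\s*sainfo\s+address\s+(\S+)\s+any\s+address\s+(\S+)\s+any", re.M)
SPD_RE = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+any\s+-P\s+(in|out)\s+ipsec", re.M)

def sainfo_pairs(racoon_text):
    """Return (local_net, remote_net) for every sainfo section."""
    return SAINFO_RE.findall(racoon_text)

def spd_policies(spd_text):
    """Return the set of (src, dst, direction) policies already defined."""
    return set(SPD_RE.findall(spd_text))

def missing_spd_lines(racoon_text, spd_text, local_gw, remote_gw):
    """spdadd lines needed so each sainfo has an out and an in policy."""
    have, lines = spd_policies(spd_text), []
    for local_net, remote_net in sainfo_pairs(racoon_text):
        wanted = [
            (local_net, remote_net, "out", f"{local_gw}-{remote_gw}"),
            (remote_net, local_net, "in", f"{remote_gw}-{local_gw}"),
        ]
        for src, dst, direction, tunnel in wanted:
            if (src, dst, direction) not in have:
                lines.append(f"spdadd {src} {dst} any -P {direction} "
                             f"ipsec esp/tunnel/{tunnel}/unique;")
    return lines

if __name__ == "__main__":
    for line in missing_spd_lines(RACOON_CONF, SPD_CONF, LOCAL_GW, REMOTE_GW):
        print(line)
```
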