Date:      Tue, 28 Dec 2010 13:56:34 -0500
From:      shdwbox@gearboxsystems.com
To:        freebsd-questions@freebsd.org
Subject:   Racoon.conf
Message-ID:  <96501e683004de4f83e76b460f48eb84.squirrel@www.gearboxsystems.com>

I have a network with several locations using Gif tunnels with IPSEC. 
I've been using racoon and it has been working properly.  It seems silly
to keep having to put sections inside my racoon.conf file.

remote EXTERNAL_IP1
{
    exchange_mode main, aggressive;
    doi ipsec_doi;
    my_identifier address;
    nonce_size 16;
    lifetime time 8 hour;   # sec,min,hour
    initial_contact on;
    proposal_check obey;    # obey, strict or claim

    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 sec;
    }
}

The example above shows the one location.  I pretty much copy/paste this
and then change the IPs accordingly and it works.  Is this the proper way
to go about this?  I've tried doing things like xx.xx.xx.xx/8 but racoon
will not accept that.  I've also tried to do my_identifier "x.x.x.x"
"x.x.x.x" and in different variables but it returns an error.

Let me know, thanks!

--anexit
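
One way to stop hand-editing copies of the section, shown as an added example that is not part of the original message: a shell script that stamps out the post's remote block once per peer and rejects any entry that is not a single host address. The function names are hypothetical, the section body is copied unchanged from the post, and the peer list format (one address per line, '#' comments) is an assumption.

```shell
#!/bin/sh
# Added example: generate one racoon.conf "remote" section per peer address.

# Succeed only for a single dotted-quad host address. Prefixes such as
# 10.0.0.0/8 are rejected, since the post reports racoon refuses them.
is_host_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

emit_remote() {
cat <<EOF
remote $1
{
    exchange_mode main, aggressive;
    doi ipsec_doi;
    my_identifier address;
    nonce_size 16;
    lifetime time 8 hour;   # sec,min,hour
    initial_contact on;
    proposal_check obey;    # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 sec;
    }
}
EOF
}

# Read peers from stdin; validate all of them before emitting anything.
generate_remotes() {
    ok=
    while read -r peer note; do
        case "$peer" in ''|'#'*) continue ;; esac
        is_host_ipv4 "$peer" || { echo "rejected peer: $peer" >&2; return 1; }
        ok="$ok $peer"
    done
    for peer in $ok; do emit_remote "$peer"; echo; done
}
```

After sourcing the file, `generate_remotes < peers.txt > remotes.conf` writes the sections; a rejected entry produces no output at all, so a partial file is never written over a working one.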