From: shdwbox@gearboxsystems.com
To: freebsd-questions@freebsd.org
Date: Tue, 28 Dec 2010 13:56:34 -0500
Subject: Racoon.conf
Message-ID: <96501e683004de4f83e76b460f48eb84.squirrel@www.gearboxsystems.com>

I have a network with several locations using gif tunnels with IPsec.
I've been using racoon and it has been working properly. It seems silly to keep having to put sections inside my racoon.conf file.

    remote EXTERNAL_IP1 {
        exchange_mode main, aggressive;
        doi ipsec_doi;
        my_identifier address;
        nonce_size 16;
        lifetime time 8 hour;   # sec,min,hour
        initial_contact on;
        proposal_check obey;    # obey, strict or claim
        proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group 2;
            lifetime time 28800 sec;
        }
    }

The example above shows the one location. I pretty much copy/paste this and then change the IPs accordingly and it works. Is this the proper way to go about this? I've tried doing things like xx.xx.xx.xx/8 but racoon will not accept that. I've also tried to do my_identifier "x.x.x.x" "x.x.x.x" and in different variables but it returns an error. Let me know, thanks!

--anexit
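The copy/paste pattern described in the post can be replaced by generating the repeated `remote` sections from one template and a list of peer addresses. The script below is an added example, not code from the post or from the racoon project: it keeps every setting exactly as the poster wrote them, takes the peer list from a constructed variable (the addresses are documentation-range placeholders), rejects anything that is not a plain IPv4 address (the post notes that racoon refuses prefix notation such as xx.xx.xx.xx/8 in this position), and writes one block per peer so the proposal parameters live in a single place.

```sh
#!/bin/sh
# Added example: emit one racoon.conf "remote" section per IPsec peer.
# Settings inside the template are the ones from the post; only the peer
# address changes between sections.

# Constructed sample peer list (RFC 5737 documentation addresses), one per
# whitespace-separated entry. In real use this would come from a file.
PEERS="192.0.2.10 198.51.100.20"

# Return 0 if $1 looks like a plain dotted-quad IPv4 address with no
# prefix length; racoon's "remote" keyword takes a host address here.
is_ipv4() {
    case "$1" in
        */*) return 1 ;;                 # reject 192.0.2.0/24 style input
        *[!0-9.]*) return 1 ;;           # only digits and dots allowed
        *.*.*.*) ;;                      # need at least three dots
        *) return 1 ;;
    esac
    # Each octet must be 0..255 (split on dots in a subshell).
    ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
      for o in "$@"; do
          [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || exit 1
      done )
}

# Print the "remote" section for peer $1 (unquoted heredoc expands $1).
remote_block() {
    cat <<EOF
remote $1 {
    exchange_mode main, aggressive;
    doi ipsec_doi;
    my_identifier address;
    nonce_size 16;
    lifetime time 8 hour;   # sec,min,hour
    initial_contact on;
    proposal_check obey;    # obey, strict or claim
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 sec;
    }
}
EOF
}

# Emit a section for every valid peer; invalid entries go to stderr and
# make the function return 1 so a broken list is noticed before racoon
# ever reads the result.
gen_remotes() {
    status=0
    for peer in $PEERS; do
        if is_ipv4 "$peer"; then
            remote_block "$peer"
            echo
        else
            echo "skipping invalid peer address: $peer" >&2
            status=1
        fi
    done
    return $status
}

# Number of "remote" sections in the generated output (sanity check).
count_remotes() {
    gen_remotes 2>/dev/null | grep -c '^remote '
}

# Stand-alone use: write the generated sections to stdout, e.g.
#   sh gen_remotes.sh > /usr/local/etc/racoon/remotes.conf
gen_remotes
```

The generated file can then be appended to racoon.conf (or pulled in with racoon's `include` directive) so that a change to the proposal, such as moving off 3des/md5, is made once rather than once per location.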