[NTLUG:Discuss] Encrypted network traffic on a local network
Leroy Tennison
leroy_tennison at prodigy.net
Mon Jul 9 21:22:44 CDT 2007
After posting I discovered the solution - files below (I have three
machines on a 10.12.14.0 subnet, these are from node 9).
Setkey configuration:
# Discard any existing security associations (SAD) and policies (SPD)
flush;
spdflush;
# Outbound from this node (10.12.14.9) to the whole subnet: ESP in transport mode
# is required, so packets without a matching SA are dropped rather than sent clear.
spdadd 10.12.14.9/32 10.12.14.0/24 any -P out ipsec esp/transport//require;
# Inbound from the subnet to this node: same requirement, so every host on
# 10.12.14.0/24 must run IPsec to reach node 9 at all.
spdadd 10.12.14.0/24 10.12.14.9/32 any -P in ipsec esp/transport//require;
Racoon configuration:
# Directory holding this node's certificate and key (and the CA certificate)
path certificate "/etc/racoon/certs";

# Phase 1 (IKE) settings; "anonymous" applies to any peer not matched more specifically
remote anonymous {
    exchange_mode main ;
    certificate_type x509 "linux-9.crt" "linux-9.key" ;
    verify_cert on ;
    # Identify both ends by the subject DN of their certificates
    my_identifier asn1dn ;
    peers_identifier asn1dn ;
    proposal {
        encryption_algorithm 3des ;
        hash_algorithm sha1 ;
        authentication_method rsasig ;
        dh_group modp1024 ;
    }
}

# Phase 2 (IPsec SA) settings
# Local subnet - all IPSec hosts
sainfo anonymous {
    pfs_group modp1024 ;
    lifetime time 1 hour ;
    encryption_algorithm 3des, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}
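The racoon configuration above works, but several of the algorithms it offers (3DES, HMAC-MD5, the 1024-bit MODP group for both phase 1 and PFS) are ones a current deployment should not negotiate, and because the `remote anonymous` block accepts any peer whose certificate chains to the trusted CA, the proposal lists are the only thing limiting what a peer can talk the node down to. The following script is an added example, not part of the original post or of the ipsec-tools project: it parses a racoon.conf-style file into its brace-delimited sections and reports every weak algorithm it finds, using the configuration from the post (embedded verbatim) and a hardened variant written for this example. The weak-algorithm table is this example's own judgment, and the hardened values (`aes`, `sha256`, `hmac_sha256`, `modp2048`) are assumed to be supported by the installed ipsec-tools version. The parser assumes one directive per line and `#` comments, as in the posted file.

```python
# Audit a racoon.conf fragment for weak algorithm choices.
# Example code written for this page; not racoon's own tooling.

# Algorithms that should not be offered in a modern IPsec configuration.
# This table is the judgment of this example's author, not a racoon default.
WEAK = {
    "encryption_algorithm": {"des", "3des", "rc4", "null_enc"},
    "authentication_algorithm": {"hmac_md5"},
    "hash_algorithm": {"md5"},
    "dh_group": {"modp768", "modp1024", "1", "2"},
    "pfs_group": {"modp768", "modp1024", "1", "2"},
}


def parse_racoon(text):
    """Return [(section_name, {directive: [values]}), ...] for every
    brace-delimited section (remote ..., proposal, sainfo ...).

    Assumes one directive per line, '#' comments, and that no quoted string
    contains '#' or ';' (true for the posted configuration). Top-level
    directives such as 'path certificate' are outside any section and are
    ignored. Nested sections are emitted innermost first."""
    sections = []
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append((line[:-1].strip(), {}))
            continue
        if line == "}":
            sections.append(stack.pop())
            continue
        # "directive value[, value ...] ;" -> ("directive", ["value", ...])
        parts = line.rstrip(";").strip().split(None, 1)
        key = parts[0]
        vals = [v.strip() for v in parts[1].split(",")] if len(parts) > 1 else []
        if stack:
            stack[-1][1].setdefault(key, []).extend(vals)
    return sections


def audit(sections):
    """Return (section, directive, value) for every weak algorithm offered."""
    findings = []
    for name, directives in sections:
        for key, vals in directives.items():
            for v in vals:
                if v.lower() in WEAK.get(key, ()):
                    findings.append((name, key, v))
    return findings


def audit_text(text):
    return audit(parse_racoon(text))


# The racoon configuration from the post, reproduced as sample input.
POSTED_CONF = """
path certificate "/etc/racoon/certs";
remote anonymous {
    exchange_mode main ;
    certificate_type x509 "linux-9.crt" "linux-9.key" ;
    verify_cert on ;
    my_identifier asn1dn ;
    peers_identifier asn1dn ;
    proposal {
        encryption_algorithm 3des ;
        hash_algorithm sha1 ;
        authentication_method rsasig ;
        dh_group modp1024 ;
    }
}
#Local subnet - all IPSec hosts
sainfo anonymous {
    pfs_group modp1024 ;
    lifetime time 1 hour ;
    encryption_algorithm 3des, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}
"""

# A hardened variant written for this example; the algorithm names are
# assumed to be accepted by the installed ipsec-tools version.
HARDENED_CONF = """
path certificate "/etc/racoon/certs";
remote anonymous {
    exchange_mode main ;
    certificate_type x509 "linux-9.crt" "linux-9.key" ;
    verify_cert on ;
    my_identifier asn1dn ;
    peers_identifier asn1dn ;
    proposal {
        encryption_algorithm aes ;
        hash_algorithm sha256 ;
        authentication_method rsasig ;
        dh_group modp2048 ;
    }
}
sainfo anonymous {
    pfs_group modp2048 ;
    lifetime time 1 hour ;
    encryption_algorithm aes 256 ;
    authentication_algorithm hmac_sha256 ;
    compression_algorithm deflate ;
}
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        findings = audit_text(conf)
        print(f"{label}: {len(findings)} weak algorithm(s)")
        for section, key, value in findings:
            print(f"  {section}: {key} {value}")
```

Running it against the posted file reports 3DES and modp1024 in the phase 1 proposal and modp1024, 3DES and HMAC-MD5 in the `sainfo` block; the hardened variant reports nothing. Removing an algorithm from a proposal list is what actually prevents a peer from negotiating it, so the fix is to edit the lists rather than to reorder them.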