
Info

  • my work machine's IP: addr:192.168.108.71
  • the PSK is urbfdiwi3729irsdf

FreeBSD configuration for using the Elion VPN

Since I do the configuration on FreeBSD myself, this example is specific to it; on Linux there are probably small variations in the location of the config files and in the package installation method.

My own machine's IP is 192.168.1.66; the SpeedTouch has been told to forward the IPsec traffic to this IP (UDP port 500 and something else).

Add options IPSEC to the kernel config.

pkg_add -r ipsec-tools

/usr/local/etc/racoon/racoon.conf

remote anonymous
{
        exchange_mode aggressive;
        doi ipsec_doi;
        situation identity_only;

        my_identifier user_fqdn "eesnimi.perenimi@unix.elion.ee";

        nonce_size 16;
        initial_contact on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 3600 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

/usr/local/etc/racoon/psk.txt

194.126.122.194 <YOUR KEY>

chmod 600 /usr/local/etc/racoon/psk.txt

/etc/ipsec.conf

spdadd 192.168.1.66/32 192.168.0.0/16 any -P out ipsec esp/tunnel/192.168.1.66-194.126.122.194/require;
spdadd 192.168.0.0/16 192.168.1.66/32 any -P in ipsec esp/tunnel/194.126.122.194-192.168.1.66/require;

Add the following lines to /etc/rc.conf:

racoon_enable="YES"
racoon_flags="-f /usr/local/etc/racoon/racoon.conf"
ipsec_enable="YES"

Add the name servers of Elion's internal network to /etc/resolv.conf:

nameserver 192.168.90.50
nameserver 192.168.39.9

After a reboot it should work, for example with a simple ping siseportaal.elion.ee
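
A pre-flight check for the files above, as an added example that is not part of the original page: it flags the weak IKE parameters in racoon.conf, verifies that psk.txt has no group or other permission bits, and lists tunnel peers from /etc/ipsec.conf that have no key entry. The function names, the messages and the placeholder key are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and messages are
# invented here; the sample files are constructed from the page's values.

# Print one line per weak IKE/ESP setting found in a racoon.conf.
audit_racoon_conf() {
    body=$(sed 's/#.*//' "$1")   # drop comments like "# obey, strict or claim"
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }
    if has 'exchange_mode[^;]*aggressive' &&
       has 'authentication_method[[:space:]]+pre_shared_key'; then
        echo "WEAK aggressive+psk: PSK-derived hash sent unencrypted, offline guessing possible"
    fi
    if has 'encryption_algorithm[^;]*3des'; then echo "WEAK 3des: 64-bit block cipher"; fi
    if has '(dh|pfs)_group[[:space:]]+(2|modp1024)[[:space:]]*;'; then
        echo "WEAK group 2: 1024-bit MODP"
    fi
    return 0
}

# True only if the PSK file has no group/other permission bits set.
psk_mode_ok() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print tunnel peers from the setkey policies that have no key in psk.txt.
peers_without_psk() {   # args: ipsec.conf psk.txt local-ip
    sed 's/#.*//' "$1" | grep -Eo 'tunnel/[0-9.]+-[0-9.]+' | sed 's|tunnel/||' |
        tr '-' '\n' | sort -u | grep -Fxv "$3" |
        while read -r peer; do
            awk -v p="$peer" '$1 == p && NF >= 2 {f=1} END {exit !f}' "$2" || echo "$peer"
        done
}

# Constructed sample: trimmed copies of the page's files with a placeholder key.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'remote anonymous {' ' exchange_mode aggressive;' \
        ' proposal_check obey;    # obey, strict or claim' \
        ' proposal { encryption_algorithm 3des; hash_algorithm sha1;' \
        '  authentication_method pre_shared_key; dh_group 2; }' '}' > "$d/racoon.conf"
    printf '%s\n' 'spdadd 192.168.1.66/32 192.168.0.0/16 any -P out ipsec esp/tunnel/192.168.1.66-194.126.122.194/require;' > "$d/ipsec.conf"
    printf '%s\n' '194.126.122.194 PLACEHOLDER-KEY' > "$d/psk.txt"
    chmod 644 "$d/psk.txt"       # deliberately too open, to show the check firing
    echo "$d"
}

sample=$(make_sample)
audit_racoon_conf "$sample/racoon.conf"
psk_mode_ok "$sample/psk.txt" || echo "FIX: chmod 600 $sample/psk.txt"
peers_without_psk "$sample/ipsec.conf" "$sample/psk.txt" 192.168.1.66
```

On a real host, point the three functions at /usr/local/etc/racoon/racoon.conf, /usr/local/etc/racoon/psk.txt and /etc/ipsec.conf instead of the sample directory.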

useful/soft_vpn.txt · Last modified: 2019/09/20 15:52 by 127.0.0.1