Hi all,

I have a public inet server with eth0 having a single public IP;
however, I want to create a virtual network on this server (class C) and let
other clients connect to it (as they would be within this class C network);

* 111.222.333.444/24 is the (fake) ip/network my public inet host is in;
* 192.168.212.0/24 shall be the class C network

I now want other clients to share this class C network using IPsec, ideally
ipsec-tools (racoon); however, I never did this before (openvpn is not an option).

The clients shall be able to connect from legacy Windows clients too,
and Linux(/Gentoo) of course, too (e.g. me).

I did: emerge ipsec-tools

and created a /etc/racoon/racoon.conf as below:
# phase 1 (IKE) settings for any peer
remote anonymous {
    exchange_mode aggressive,main,base;
    lifetime time 24 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# phase 2 (IPsec SA) settings for any peer
sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish 448, twofish, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
|
What exactly does "sainfo" mean? However, while this one seemed pretty easy, I
really do not know what to enter in /etc/ipsec.conf, especially there where
the client's IP address goes, as they're mostly (exclusively) dynamic IPs and
thus will change on almost every [re]connect.

I did not understand their syntax yet :(

Can someone please help me in setting this up? ... or point me to where I find
a good-for-n00b tutorial on how to set this up?

Thanks in advance,
Christian Parpart.

-- 
02:47:24 up 123 days, 15:55, 0 users, load average: 3.33, 6.28, 4.35
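An added example, not part of Christian's post, of how the dynamic-client case is usually handled with ipsec-tools: racoon's `generate_policy` lets the responder install the SPD entries itself when a client with an unknown address negotiates, so the setkey file needs no per-client entries. It assumes /etc/ipsec.conf is the file the Gentoo init script feeds to `setkey -f`, reuses the post's placeholder 192.168.212.0/24 network, and the psk.txt path and the algorithm choices (aes, sha256, group 14 instead of 3des, sha1, group 2) are my assumptions.

```conf
# /etc/racoon/racoon.conf  (added example: server side, clients with dynamic IPs)
path pre_shared_key "/etc/racoon/psk.txt";  # assumed path; "identifier key" per line, mode 0600

remote anonymous {
    # With PSK, main mode must look the key up by the client's IP before its identity
    # is known, which fails for dynamic addresses; aggressive mode keys the PSK by an
    # identifier instead, at the cost of exposing the PSK hash to offline guessing,
    # so use a long random PSK per client.
    exchange_mode aggressive,main;
    passive on;              # server only answers, never initiates to an unknown peer
    generate_policy on;      # racoon installs SPD entries from the client's proposal
    nat_traversal on;        # clients behind home NAT routers
    proposal_check obey;     # accept the lifetime/PFS the client proposes
    lifetime time 24 hour;
    proposal {
        encryption_algorithm aes;     # instead of 3des
        hash_algorithm sha256;        # instead of sha1
        authentication_method pre_shared_key;
        dh_group 14;                  # modp2048 instead of group 2 (modp1024)
    }
}

sainfo anonymous {
    pfs_group 14;
    lifetime time 12 hour;
    encryption_algorithm aes;               # drops blowfish/twofish; rijndael is aes
    authentication_algorithm hmac_sha256;   # drops hmac_md5
    compression_algorithm deflate;
}

# /etc/ipsec.conf  (loaded by setkey -f): with generate_policy on, nothing per client
# is needed here; the entries for 192.168.212.0/24 are created at negotiation time.
flush;
spdflush;
```

With this layout a new client only needs its own line in psk.txt; nothing on the server references its changing public address.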