pakaju moi konfig.. mojet 4iota pamojet
cat /etc/ipsec.conf
# setkey(8) policy file: wipe the SAD and SPD, then install the two tunnel-mode
# policies for the 192.168.10.0/24 <-> 10.15.2.0/24 site-to-site link.
# Drop every existing security association (SAD).
flush;
# Drop every existing security policy (SPD).
spdflush;
# Outbound: any traffic from the local LAN to the remote LAN must be ESP-encapsulated
# in a tunnel whose outer addresses are this gateway (83.218.196.33) -> peer (89.187.66.30).
# "require" means that without a matching SA the kernel asks racoon to negotiate one
# (PF_KEY acquire) and the packet is never sent in the clear.
spdadd 192.168.10.0/24 10.15.2.0/24 any -P out ipsec esp/tunnel/83.218.196.33-89.187.66.30/require;
# Inbound mirror of the policy above; with "require" cleartext packets that match
# this selector but did not arrive through the tunnel are discarded.
spdadd 10.15.2.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/89.187.66.30-83.218.196.33/require;
//*********************************************************************\\
cat /usr/local/etc/racoon.conf
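# racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
# (stock RCS tag of the sample file; it is not a racoon directive and must stay
#  a comment, otherwise racoon stops at this line with a parse error)
# "path" must come before any statement that uses it. Redefining a path is
# allowed but confusing, so avoid it.
# Directory searched by "include" statements (none is active below).
path include "/usr/local/etc/racoon" ;
#include "remote.conf" ;
# File searched for the pre-shared key matching the peer's ID. With main mode and
# address identifiers (see the remote block) the lookup key is the peer address.
# Keep it root-only (mode 0600): racoon may refuse a key file readable by group/other.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
# Logging verbosity: "notify" reports negotiation events; use debug/debug2 only
# while troubleshooting.
log notify;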
# ISAKMP payload padding behaviour (values are the stock sample defaults).
padding
{
maximum_length 20; # upper bound on the padding length.
randomize off; # off: padding length is not randomized.
strict_check off; # off: the peer's padding bytes are not required to be zero.
exclusive_tail off; # off: do not encode the pad count (minus one) in the last pad octet.
}
listen
{
# Bind ISAKMP only on this gateway's public address, UDP port 500
# (no wildcard bind, so nothing listens on the LAN-facing addresses).
isakmp 83.218.196.33 [500];
}
# Retransmission and negotiation timeouts.
timer
{
counter 5; # give up after 5 retransmissions of an unanswered message.
interval 20 sec; # wait 20 s between retransmissions.
persend 1; # packets sent per retransmission.
phase1 30 sec; # abort a phase 1 (IKE SA) negotiation not completed within 30 s.
phase2 15 sec; # same bound for a phase 2 (IPsec SA) negotiation.
}
# Phase 1 (IKE SA) settings for the single peer gateway.
remote 89.187.66.30
{
# Main mode: identities are exchanged only after the channel is encrypted.
# (The stock sample's "For Firewall-1 Aggressive mode" remark does not apply here.)
exchange_mode main;
my_identifier address 83.218.196.33; # both ends identify themselves by public address...
peers_identifier address 89.187.66.30; # ...so the psk.txt lookup is presumably keyed by this address.
proposal {
# 3DES / SHA-1 / 1024-bit MODP (dh_group 2) is the 2001-era sample set and is weak by
# current guidance; aes / sha256 / dh_group 14 are preferable, but only if this racoon
# build and the peer support them, and both ends must be changed together.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key; # secret taken from the pre_shared_key path.
lifetime time 24 hours; # phase 1 SA lifetime; the peers re-authenticate daily.
dh_group 2; # modp1024
}
}
# Phase 2 (IPsec SA) parameters for the local LAN <-> remote LAN selector.
sainfo address 192.168.10.0/24 any address 10.15.2.0/24 any
{
lifetime time 1 hour; # IPsec SA lifetime; rekeyed hourly.
encryption_algorithm 3des; # ESP cipher (weak by current guidance; aes preferable when both ends support it).
authentication_algorithm hmac_sha1; # ESP integrity.
compression_algorithm deflate; # IPComp; the ipsec.conf policies request esp only, so this looks unused.
}
# Same parameters with the selectors swapped, presumably so that a negotiation the
# peer initiates (its 10.15.2.0/24 proposed first) also finds a match; keep both
# sainfo blocks identical.
sainfo address 10.15.2.0/24 any address 192.168.10.0/24 any
{
lifetime time 1 hour; # IPsec SA lifetime; rekeyed hourly.
encryption_algorithm 3des; # ESP cipher (weak by current guidance; aes preferable when both ends support it).
authentication_algorithm hmac_sha1; # ESP integrity.
compression_algorithm deflate; # IPComp; the ipsec.conf policies request esp only, so this looks unused.
}