
Re: VPN/IPsec routing



In the spirit of sharing, here goes how I configured SSH Sentinel to
work with OBSD's isakmpd.
    Attached, you'll find isakmpd.conf and isakmpd.policy. Sentinel's
really straightforward to configure (and since the new isakmpd -current
and -stable were updated to accept long proposals, "legacy proposal"
isn't needed anymore.)
    If you have any further questions, I'd happily answer them (or try,
anyway.) Also, I've got some JPGs of Sentinel's configuration (but I
don't think you'll need them.)

    []'s,
    Rafael Coninck Teigao
    VP
    SafeCore Network Solutions
    http://SafeCore.NET
    +55 41 224 1785

--
-------------------------------------------------------------------------------
People should focus on the SOLUTION, not on the problem.
-------------------------------------------------------------------------------
isakmpd.conf:

# Phase 1 peers: an initiator not matched by an explicit address entry
# is handled by the Default section.
[Phase 1]
Default= ISAKMP-clients

# Phase 2: connections we accept as responder but never initiate ourselves.
[Phase 2]
Passive-Connections= IPsec-clients

# Main mode peer description; pre-shared key (placeholder value as posted).
[ISAKMP-clients]
Phase= 1
Configuration= Sentinel-main-mode
Authentication= THEPASS

# Quick mode connection: our network on one side, the client on the other.
[IPsec-clients]
Phase= 2
Configuration= Sentinel-quick-mode
Local-ID= Local-net
Remote-ID= Remote-host

# Our side of the flow: the whole 10/8.
[Local-net]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.0.0
Netmask= 255.0.0.0

# Client side; address as posted, for clients whose address is not fixed.
[Remote-host]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# Identity protection (main mode) using the built-in 3DES/SHA transform.
[Sentinel-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

# Quick mode using the built-in ESP 3DES/SHA suite.
[Sentinel-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

isakmpd.policy:

Comment: This policy accepts ESP SAs from a remote that uses the right password.
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";
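The two mistakes that most often make isakmpd quietly ignore a peer when hand-editing a file like the one above are a section name that is referenced but never defined (a typo in `Configuration=`, `Local-ID=` and the like) and a peer or connection section whose `Phase=` does not match the `[Phase 1]`/`[Phase 2]` table it is listed under. The following script is an added example, not part of the original post or of isakmpd itself: it parses the posted isakmpd.conf and reports both kinds of problem. The list of built-in transform and suite names (`3DES-SHA`, `QM-ESP-3DES-SHA-SUITE`, ...) is a partial one taken from isakmpd.conf(5) and is assumed to match the running isakmpd; the sample configuration embedded in it is the one posted above.

```python
"""Audit an isakmpd.conf for dangling section references and phase
mismatches. Added example, not code from the original post."""
import re

# Tags whose value names another section (comma-separated lists allowed).
SECTION_REF_TAGS = {
    "Default", "Connections", "Passive-Connections", "Configuration",
    "Local-ID", "Remote-ID", "Transforms", "Suites", "Protocols",
}

# Transform/suite sections isakmpd ships as built-in defaults, so they
# need not appear in the file. Partial list from isakmpd.conf(5);
# assumed to match the isakmpd actually in use.
BUILTIN_SECTIONS = {
    "3DES-SHA", "3DES-MD5", "BLF-SHA", "BLF-MD5",
    "QM-ESP-3DES-SHA-SUITE", "QM-ESP-3DES-MD5-SUITE",
    "QM-ESP-3DES-SHA-PFS-SUITE", "QM-ESP-3DES-MD5-PFS-SUITE",
}

# Constructed sample input: the isakmpd.conf posted above.
SAMPLE_CONF = """\
[Phase 1]
Default= ISAKMP-clients

[Phase 2]
Passive-Connections= IPsec-clients

[ISAKMP-clients]
Phase= 1
Configuration= Sentinel-main-mode
Authentication= THEPASS

[IPsec-clients]
Phase= 2
Configuration= Sentinel-quick-mode
Local-ID= Local-net
Remote-ID= Remote-host

[Local-net]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.0.0
Netmask= 255.0.0.0

[Remote-host]
ID-type= IPV4_ADDR
Address= 0.0.0.0

[Sentinel-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Sentinel-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
"""


def parse_conf(text):
    """Return {section: {tag: value}}. '#' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        else:
            tag, value = line.split("=", 1)
            sections[current][tag.strip()] = value.strip()
    return sections


def referenced(sections):
    """Yield (section, tag, target) for every tag that names a section.
    Inside [Phase 1] every tag (Default or a peer address) is a reference."""
    for name, tags in sections.items():
        for tag, value in tags.items():
            if name == "Phase 1" or tag in SECTION_REF_TAGS:
                for ref in value.split(","):
                    yield name, tag, ref.strip()


def audit(text):
    """Return a list of human-readable problems; empty means the file is consistent."""
    sections = parse_conf(text)
    problems = []
    # 1. Every referenced section must exist or be a built-in default.
    for name, tag, ref in referenced(sections):
        if ref not in sections and ref not in BUILTIN_SECTIONS:
            problems.append(f"[{name}] {tag}= {ref}: section not defined")
    # 2. Sections listed under [Phase 1] must carry Phase= 1, those listed
    #    under [Phase 2] Connections/Passive-Connections must carry Phase= 2.
    expected = {}
    for value in sections.get("Phase 1", {}).values():
        for ref in value.split(","):
            expected[ref.strip()] = "1"
    for tag in ("Connections", "Passive-Connections"):
        for ref in sections.get("Phase 2", {}).get(tag, "").split(","):
            if ref.strip():
                expected[ref.strip()] = "2"
    for ref, phase in expected.items():
        got = sections.get(ref, {}).get("Phase")
        if got is not None and got != phase:
            problems.append(f"[{ref}] Phase= {got}: used from [Phase {phase}]")
    return problems


if __name__ == "__main__":
    for problem in audit(SAMPLE_CONF) or ["OK: no dangling references or phase mismatches"]:
        print(problem)
```

Run it against a real file with `audit(open("/etc/isakmpd/isakmpd.conf").read())`; a clean result is an empty list. The check only covers internal consistency of the file, not whether the peer actually agrees on the proposals.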