
Re: VPN OBSD <-> FW1



My sad attempt at address sanitization has failed..

Just to avoid confusion, this isakmpd.conf has IPs that match.

Better than forgetting the preshared keys, I suppose.


# isakmpd.conf for the gateway described in this thread (subject: VPN OBSD <-> FW1).
# The Authentication= values further down are pre-shared keys stored in clear text,
# so this file should be owned by root and not readable by group or other.
[General]
# Lifetimes are written as default,min:max. isakmpd.conf(5) documents them in seconds;
# confirm that 10080 is the intended phase 1 value and that both lifetimes agree with
# what the peer gateways are configured to accept.
Default-phase-1-lifetime=       10080,60:604800
Default-phase-2-lifetime=       3600,60:604800

# Maps the address of a remote IKE peer to the section that describes it.
# Default= names the section used for a peer whose address is not listed, so any
# source address can start a negotiation against Offsite-Peer; that section uses the
# x509-main-mode configuration rather than a pre-shared key.
[Phase 1]
209.82.111.146=         Gate2-Peer
202.177.205.130=        AsiaGate-Peer
Default=                Offsite-Peer

# Phase 2 connections listed here are the ones isakmpd sets up on its own.
# Offsite-VPN is defined below but not listed; presumably it is only meant to be
# negotiated when a remote peer initiates - confirm.
[Phase 2]
Connections=            Gate2-VPN,AsiaGate-VPN


##
# Phase 1 Stuff
##
# One section per IKE peer named in [Phase 1]. Configuration= points at a section
# under "Configurations" that selects the exchange type and transforms.
# Authentication= holds the pre-shared key for that peer; "xxxx" is the poster's
# redaction. Use a distinct, long random key per peer in a real file.
[Gate2-Peer]
Phase=                  1
Transport=              udp
Address=                209.82.111.146
Configuration=          Default-main-mode
Authentication=         xxxx

[AsiaGate-Peer]
Phase=                  1
Transport=              udp
Address=                202.177.205.130
Configuration=          Default-main-mode
Authentication=         xxxx

# Catch-all peer (the Default= entry in [Phase 1]): no Address= and no
# Authentication=, and it uses x509-main-mode, whose transform ends in RSA_SIG.
# Which certificates and identities are accepted is not decided in this file;
# verify that the certificate store and isakmpd.policy restrict it as intended.
[Offsite-Peer]
Phase=                  1
Transport=              udp
Configuration=          x509-main-mode
ID=                     local-ID

# Identity this gateway presents for Offsite-Peer: an FQDN. "domain.com" looks
# like a sanitized placeholder.
[local-ID]
ID-type=                FQDN
Name=                   domain.com


##
# Phase 2 Stuff
##
# One section per IPsec connection. ISAKMP-peer= names the phase 1 section that
# protects the negotiation; Local-ID= and Remote-ID= name the sections under
# "Local ID Definitions" that describe the networks on each side of the tunnel.
[Gate2-VPN]
Phase=                  2
ISAKMP-peer=            Gate2-Peer
Configuration=          Default-quick-mode
Local-ID=               Gate1-Internal-network
Remote-ID=              Gate2-Internal-network

[AsiaGate-VPN]
Phase=                  2
ISAKMP-peer=            AsiaGate-Peer
Configuration=          Default-quick-mode
Local-ID=               Gate1-Internal-network
Remote-ID=              AsiaGate-Internal-network

# NOTE(review): no Remote-ID= here, so this file places no limit on the remote
# network an offsite peer may propose; confirm that isakmpd.policy constrains it.
[Offsite-VPN]
Phase=                  2
ISAKMP-peer=            Offsite-Peer
Configuration=          Default-quick-mode
Local-ID=               Gate1-Internal-network


##
# Local ID Definitions
##
# Networks referenced by Local-ID= / Remote-ID= in the phase 2 sections. Each is an
# IPv4 subnet given as network address plus netmask (all three are /24).
# The peer gateway has to propose the same subnets for quick mode to succeed, so
# keep them no wider than the traffic that should cross the tunnel.
[Gate1-Internal-network]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.121.0
Netmask=                255.255.255.0

[Gate2-Internal-network]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.120.0
Netmask=                255.255.255.0

[AsiaGate-Internal-network]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.130.0
Netmask=                255.255.255.0


##
# Configurations
##
# Exchange and transform definitions referenced by Configuration= above.
# Every transform here is 3DES with SHA; these are legacy algorithms, so where
# both gateways support an AES-based transform or suite, prefer that.

# Phase 1 for the pre-shared-key peers: main mode (ID_PROT), which protects the
# peer identities during the exchange.
[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

# Phase 1 for Offsite-Peer: same exchange, authenticated with RSA signatures.
[x509-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA-RSA_SIG

# Phase 2 for all three connections: ESP with 3DES and SHA, with PFS, so each
# quick mode does its own Diffie-Hellman exchange.
[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE



On November 2, 2004 01:16 pm, you wrote:

> [Phase 1]
> 209.82.111.146=         Gate2-Peer
> 202.177.205.130=        AsiaGate-Peer
> Default=                Offsite-Peer
...
> [Gate2-Peer]
> Phase=                  1
> Transport=              udp
> Address=                111.111.111.111
> Configuration=          Default-main-mode
> Authentication=         xxxx
>
> [AsiaGate-Peer]
> Phase=                  1
> Transport=              udp
> Address=                222.222.222.222
> Configuration=          Default-main-mode
> Authentication=         xxxx


