Prev-20 Home Next-20 ipsec.conf question \ Prabhu Gurumurthy (5 May 2008) . \ Claer (6 May 2008) 1 msg pbm install 4.3 Packard Bell EasyNote 11 msg Apache suexec problem 9 msg 1U IBM or Dell server for firewall 1 msg gtk+2-2.12.7 on't upgrade after upgrade to 4.3 4 msg colors in regular openbsd terminal 7 msg problem building release for 4.3 stable 18 msg Window Manager 2 msg What tarball is xlib.h in in 4.3? 5 msg newfs during install 1 msg Mehr Insolvenzen in den USA 11 msg Jack, sun and envy problem 5 msg mknod fails after wrong arch MAKEDEV 3 msg mplayer & snapshot install 7 msg OpenBSD 4.3 and Xorg resolution 1280x800? 1 msg Good news re: Flash9 37 msg Doubt about license 2 msg source/destination nat pf, user space filtering pf 61 msg Editing C with... 2 msg 4.2, ppp problem Prev-20 Home Next-20

Prev-Msg Prev-Thread Openbsd-misc May-2008 Next-Thread Next-Msg Subject: ipsec.conf question Group: Openbsd-misc From: Prabhu Gurumurthy Date: 5 May 2008 All, I have a question regarding ipsec.conf. Example: IPsec peers: 3.3.3.3, 3.3.3.2 Interesting traffic: 1.1.1.1 -> 192.168.100.2 2.2.2.2 -> 192.168.100.0/24 Main/Quick mode crypto/groups being: aes, sha1 and group2 PSK being "test123" How can I define the above concisely? I can, for example, do the following: ike esp from 1.1.1.1 to 192.168.100.2 \ local 3.3.3.3 peer 3.3.3.2 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes group modp1024 \ psk "test123" ike esp from 2.2.2.2 to 192.168.100.0/24 \ local 3.3.3.3 peer 3.3.3.2 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes group modp1024 \ psk "test123" Is there any way to shorten it? since most of it seem to be redundant except for the interesting traffic part. FWIW, I am running 4.3-current: OpenBSD pgurumur-vm-openbsd.xxx.com 4.3 GENERIC#732 i386 Thanks Prabhu - Prev-Msg Prev-Thread Openbsd-misc May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com