Prev-20 Home Next-20 ipsec.conf question \ Prabhu Gurumurthy (5 May 2008) . \ Claer (6 May 2008) 1 msg pbm install 4.3 Packard Bell EasyNote 11 msg Apache suexec problem 9 msg 1U IBM or Dell server for firewall 1 msg gtk+2-2.12.7 on't upgrade after upgrade to 4.3 4 msg colors in regular openbsd terminal 7 msg problem building release for 4.3 stable 18 msg Window Manager 2 msg What tarball is xlib.h in in 4.3? 5 msg newfs during install 1 msg Mehr Insolvenzen in den USA 11 msg Jack, sun and envy problem 5 msg mknod fails after wrong arch MAKEDEV 3 msg mplayer & snapshot install 7 msg OpenBSD 4.3 and Xorg resolution 1280x800? 1 msg Good news re: Flash9 37 msg Doubt about license 2 msg source/destination nat pf, user space filtering pf 61 msg Editing C with... 2 msg 4.2, ppp problem Prev-20 Home Next-20

Prev-Msg Prev-Thread Openbsd-misc May-2008 Next-Thread Next-Msg Subject: Re: ipsec.conf question Group: Openbsd-misc From: Claer Date: 6 May 2008 On Mon, May 05 2008 at 20:14, Prabhu Gurumurthy wrote: > All, > > I have a question regarding ipsec.conf. > > Example: > > IPsec peers: 3.3.3.3, 3.3.3.2 > Interesting traffic: 1.1.1.1 -> 192.168.100.2 > 2.2.2.2 -> 192.168.100.0/24 > > Main/Quick mode crypto/groups being: aes, sha1 and group2 > PSK being "test123" > > How can I define the above concisely? > > I can, for example, do the following: > > ike esp from 1.1.1.1 to 192.168.100.2 \ > local 3.3.3.3 peer 3.3.3.2 \ > main auth hmac-sha1 enc aes group modp1024 \ > quick auth hmac-sha1 enc aes group modp1024 \ > psk "test123" > > ike esp from 2.2.2.2 to 192.168.100.0/24 \ > local 3.3.3.3 peer 3.3.3.2 \ > main auth hmac-sha1 enc aes group modp1024 \ > quick auth hmac-sha1 enc aes group modp1024 \ > psk "test123" > > Is there any way to shorten it? since most of it seem to be redundant > except for the interesting traffic part. You can simply use macro as in pf.conf. For example : LAN_priv = "192.168.100.0/24" Our_PSK = "test123" IPSEC_peers = "local 3.3.3.3 peer 3.3.3.2" IPSEC_crypto = "main auth hmac-sha1 enc aes group modp1024 quick auth hmac-sha1 enc aes group modp1024" ike esp from $IP_pub_1 to $IP_priv $IPSEC_peers $IPSEC_crypto \ psk $Our_PSK ike esp from $IP_pub_2 to $LAN_priv $IPSEC_peers $IPSEC_crypto \ psk $Our_PSK With 4.3-current you can use includes. Sample from man page : Additional configuration files can be included with the include keyword, for example: include "/etc/macros.conf" Claer Prev-Msg Prev-Thread Openbsd-misc May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com