|
FreeBSD的配置(3)
Enter Export Password: 123456
Verifying password - Enter Export Password: 123456
(此处的 123456 仅为演示用的导出口令;该口令用于保护导出的证书/私钥文件,实际部署时应换成强口令。)
配置FreeBSD 准备配置文件 /etc/ipsec.conf,其中192.168.2.11为FreeBSD,192.168.2.6为win2k:
# Security policy database entries, one statement per line.
# 192.168.2.11 is the FreeBSD host, 192.168.2.6 is the win2k peer.
# "any" matches every upper-layer protocol between the two hosts, and
# "require" means matching traffic is only allowed when an ESP SA exists
# (it is not sent in the clear while negotiation is pending).

# Outbound: FreeBSD -> win2k, ESP in transport mode.
spdadd 192.168.2.11/32 192.168.2.6/32 any -P out ipsec
	esp/transport/192.168.2.11-192.168.2.6/require;

# Inbound: win2k -> FreeBSD, the mirror image of the rule above.
spdadd 192.168.2.6/32 192.168.2.11/32 any -P in ipsec
	esp/transport/192.168.2.6-192.168.2.11/require;
在配置文件/etc/rc.conf中加入:
# Load the IPsec policies at boot. The rc script feeds the file named by
# ipsec_file to setkey; its default is /etc/ipsec.conf, the file prepared above.
ipsec_enable="YES"
准备配置文件/usr/local/etc/racoon/racoon.conf:
# Directory in which we will store this, and other machines' certificates
# The file names given in the remote section (freebsd.crt, freebsd.key,
# win2k.crt) are looked up here. The private key sits in this directory too,
# so keep the directory and the key readable by root only.
path certificate "/usr/local/etc/racoon/certs" ;
# debug2 is the most verbose log level and is meant for bringing the tunnel up.
# Debug output can contain dumps of the IKE exchange, so switch to a quieter
# level and restrict access to the log once negotiation works.
log debug2;
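# Padding values. These have been copied verbatim from the example.
# Each directive is on its own line: "#" starts a comment that runs to the
# end of the line, so a block written on the same line as a comment is
# never parsed.
padding {
	maximum_length 20;	# maximum padding length.
	randomize off;		# enable randomize length.
	strict_check off;	# enable strict check.
	exclusive_tail off;	# extract last one octet.
}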
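# Timer values. I've bumped up the phase 1 & 2 timeouts.
# Each directive is on its own line: "#" starts a comment that runs to the
# end of the line, so settings written on the same line as a comment are
# never parsed.
timer {
	# These values can be changed per remote node.
	counter 5;		# maximum trying count to send.
	interval 20 sec;	# maximum interval to resend.
	persend 1;		# the number of packets per a send.

	# timer for waiting to complete each phase.
	phase1 90 sec;
	phase2 60 sec;
}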
remote anonymous { exchange_mode main,aggressive; #exchange_mode aggressive,main; doi ipsec_doi; situation identity_only; my_identifier user_fqdn "zhangp@cy9.dq.cnpc.com.cn"; peers_identifier user_fqdn "win2k@cy9.dq.cnpc.com.cn"; certificate_type x509 "freebsd.crt" "freebsd.key"; peers_certfile "win2k.crt";
nonce_size 16; lifetime time 4 hour; # sec,min,hour initial_contact on; support_mip6 on; proposal_check obey; # obey, strict or claim
# This is the same as one of the default proposals on Windows. # 3DES, MD5 and RSA (certificate) authentication. proposal { encryption_algorithm 3des;
|