1
mirror of https://git.dn42.dev/wiki/wiki.git synced 2024-12-22 09:05:54 +01:00
wiki/gre-plus-ipsec-debian.md
2013-03-11 18:20:33 +01:00

609 B

GRE + IPsec on Debian based distros

  • Install racoon from ipsec-tools.
  • Define an IPsec security policy in /etc/ipsec-tools.conf
  • Load the IPsec security policy into the IPsec security policy database.
  • Configure the racoon daemon.
  • Configure a GRE tunnel.

Used resources in this example:

  • tunnel endpoints: 1.2.3.4 and 5.6.7.8
  • internal IPv4 addresses: 10.0.0.1 and 10.0.0.2

Define an IPsec security policy

Example policy on 1.2.3.4:

#!/usr/sbin/setkey -f
spdadd 1.2.3.4 5.6.7.8 gre -P out ipsec esp/transport//require;
spdadd 5.6.7.8 1.2.3.4 gre -P in  ipsec esp/transport//require;