dn42/wiki
1
Fork 0
mirror of https://git.dn42.dev/wiki/wiki.git synced 2024-12-09 22:13:08 +01:00
Code Releases Activity
adfc30bbf6
wiki/ipsec-on-freebsd.md
gollum adfc30bbf6 Updated ipsec-on-freebsd (markdown)
2013-02-28 18:14:03 +01:00

1020 B
Raw Blame History

IPsec on FreeBSD

These instructions are for IPsec in transport mode not IPsec in tunnel mode. IPsec in tunnel mode requires a too tight coupling with the routing table for dynamic routing because the policies can only be specified based on source/destination address and protocol not based on interfaces.

Requirements

  • Root access to both endpoints
  • Static IPv4 addresses for both endpoints unless you want to write a small shell script as hook for raccon.
  • At least one static IPv4 on at least one endpoint unless you hate yourself.

Kernel configuration

The FreeBSD GENERIC kernel lacks support for in-kernel IPsec processing. Add this two lines to your kernel config and (re-)build your own kernel. If you're new to FreeBSD check Chapters 15.9.1 and 9 of the FreeBSD handbook.

  options   IPSEC        #IP security
  device    crypto

Reboot into your new kernel.

Userland configuration