Hshh's Website

21-11-2008 01:35:28

Navigation

• Home
  • FreeBSD
    • RAID
  • PHP
    • Performance
  • MySQL
  • WoW
    • 1.x old
  • Resources
  • Links
    • FreeBSD
    • PHP
    • MySQL

Lastest

FreeBSD 7.0的PXE Boot网络安装FreeBSD令人无语的postfix 2.4.5 mysql doc远程从i386转为amd64NFS mount不上的另外一种可能amd64版本的make installworld问题将FreeBSD 4.11升级到6.2只用setkey建立ipsec tunnel一些关于NFS和AMD的tips1123



WoW

10031002091809150908-0910

Manage

只用setkey建立ipsec tunnel

A机 192.168.1.1, B机 192.168.1.2

A ipsec.conf:

spdflush;
spdadd 192.168.1.1/32 192.168.1.2/32 ipencap -P out ipsec esp/transport/192.168.1.1-192.168.1.2/require;
spdadd 192.168.1.2/32 192.168.1.1/32 ipencap -P in  ipsec esp/transport/192.168.1.2-192.168.1.1/require;
flush;
add 192.168.1.1 192.168.1.2 esp 12345 -E blowfish-cbc "password1";
add 192.168.1.2 192.168.1.1 esp 12346 -E blowfish-cbc "password2";

B ipsec.conf:

spdflush;
spdadd 192.168.1.1/32 192.168.1.2/32 ipencap -P in  ipsec esp/transport/192.168.1.1-192.168.1.2/require;
spdadd 192.168.1.2/32 192.168.1.1/32 ipencap -P out ipsec esp/transport/192.168.1.2-192.168.1.1/require;
flush;
add 192.168.1.1 192.168.1.2 esp 12345 -E blowfish-cbc "password1";
add 192.168.1.2 192.168.1.1 esp 12346 -E blowfish-cbc "password2";

其实A和B不同就是SPD部分 in和out 区别, password1和password2可以相同, 12345为SAD的SPI序号,两边一致就可以了

Hshh's Website is Powered by MODx 0.9.2.2 (rev 1923).
Blog RSS    WoW RSS
MySQL: 0.0018 s, 0 request(s), PHP: 0.0130 s, total: 0.0148 s, document retrieved from cache.
备案序号:浙ICP备05015161号