Install the necessary software on FreeBSD1 and FreeBSD2:
pkg install ipsec-tools
pkg install racoon2
pkg install tcpdump
pkg install iperf
pkg install pftop
(pkg add installs from a local package file; pkg install fetches from the repository. The setkey and racoon used in the rest of this part come from ipsec-tools; racoon2 is a separate IKE implementation and is not what racoon_enable starts.)
The configuration file /etc/rc.conf should look as follows.
On FreeBSD1:
hostname="fbsd1"
ifconfig_em0="DHCP"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
#em1 definition
ifconfig_em1="inet 10.1.1.1 netmask 255.255.255.0"
##router definition
gateway_enable="YES"
##static routes
static_routes="fbsd2"
route_fbsd2="-net 10.2.1.0/24 10.27.62.18"
##enable IPSEC
ipsec_enable="YES"
ipsec_program="/usr/local/sbin/setkey"
ipsec_file="/usr/local/etc/racoon/setkey.conf"
racoon_enable="YES"
##enable these if you want the pf firewall
#pf_enable="YES"
#pf_rules="/etc/pf.conf"
#pflog_enable="YES"
#pflog_logfile="/var/log/pflog"
On FreeBSD2:
hostname="fbsd2"
ifconfig_em0="DHCP"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
#em1 definition
ifconfig_em1="inet 10.2.1.1 netmask 255.255.255.0"
##router definition
gateway_enable="YES"
#route to fbsd1
static_routes="fbsd1"
route_fbsd1="-net 10.1.1.0/24 10.27.62.169"
##enable IPSEC
ipsec_enable="YES"
ipsec_program="/usr/local/sbin/setkey"
ipsec_file="/usr/local/etc/racoon/setkey.conf"
racoon_enable="YES"
##enable these if you want the pf firewall
#pf_enable="YES"
#pf_rules="/etc/pf.conf"
#pflog_enable="YES"
#pflog_logfile="/var/log/pflog"
With /etc/rc.conf configured on both hosts it is time to move on. One caveat: each static route points at the peer's em0 address, and em0 obtains its address via DHCP, so give those addresses fixed DHCP reservations (or configure them statically) or the routes will break when a lease changes.
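The rc.conf fragments above are easy to break with exactly the errors that crept into the listing as published: curly quotes copied from a web page, an unterminated string, a netmask with a dropped digit, or a misspelled knob such as raccoon_enable that rc(8) silently ignores. The following script is an added example, not part of the original post and not part of FreeBSD; it lints an rc.conf file for those mistakes and for the three knobs a routed IPsec gateway cannot do without (gateway_enable, ipsec_enable, racoon_enable). The function names and the wording of the messages are my own.

```sh
#!/bin/sh
# Added example (not from the original post): lint an /etc/rc.conf
# fragment for the mistakes that silently break an IPsec gateway:
#  - curly "smart" quotes pasted from a web page
#  - an odd number of double quotes on a line (unterminated string)
#  - a netmask whose octets are out of range or not contiguous
#  - _enable knobs whose value rc.subr's checkyesno will not accept
#  - gateway_enable / ipsec_enable / racoon_enable being absent
# Usage: sh lint_rcconf.sh /etc/rc.conf ; exit status 0 means clean.

lint_rcconf() {
    file=$1
    errors=0
    lineno=0
    have_gateway=0 have_ipsec=0 have_racoon=0
    lq=$(printf '\342\200\234')   # U+201C left double quotation mark
    rq=$(printf '\342\200\235')   # U+201D right double quotation mark

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|\#*) continue ;;          # blank line or comment
        esac
        name=${line%%=*}
        value=${line#*=}

        case $line in
            *"$lq"*|*"$rq"*)
                echo "$file:$lineno: curly quotes are not shell quotes: $line"
                errors=$((errors + 1)) ;;
        esac

        quotes=$(printf '%s' "$line" | tr -cd '"' | wc -c | tr -d ' ')
        if [ $((quotes % 2)) -ne 0 ]; then
            echo "$file:$lineno: unbalanced double quote: $line"
            errors=$((errors + 1))
        fi

        # strip the surrounding straight quotes before inspecting the value
        value=${value#\"}; value=${value%\"}

        case $name in
            gateway_enable) have_gateway=1 ;;
            ipsec_enable)   have_ipsec=1 ;;
            racoon_enable)  have_racoon=1 ;;
        esac

        case $name in
            *_enable)
                case $(printf '%s' "$value" | tr 'A-Z' 'a-z') in
                    yes|no|true|false|on|off|1|0) ;;
                    *) echo "$file:$lineno: $name: value '$value' is not yes/no"
                       errors=$((errors + 1)) ;;
                esac ;;
        esac

        case $name in
            ifconfig_*)
                mask=$(printf '%s\n' "$value" | sed -n 's/.*netmask[[:space:]]*\([0-9.]*\).*/\1/p')
                if [ -n "$mask" ] && ! valid_netmask "$mask"; then
                    echo "$file:$lineno: bad netmask '$mask' in $name"
                    errors=$((errors + 1))
                fi ;;
        esac
    done < "$file"

    [ $have_gateway -eq 1 ] || { echo "$file: gateway_enable missing (host will not forward)"; errors=$((errors + 1)); }
    [ $have_ipsec -eq 1 ]   || { echo "$file: ipsec_enable missing (SPD never loaded)"; errors=$((errors + 1)); }
    [ $have_racoon -eq 1 ]  || { echo "$file: racoon_enable missing (no IKE daemon)"; errors=$((errors + 1)); }

    [ "$errors" -eq 0 ]
}

# A dotted-quad netmask is valid when every octet is 0-255 and the
# 32-bit value is a run of ones followed by a run of zeros.
valid_netmask() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    m=0
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) return 1 ;;
        esac
        o=${o#${o%%[!0]*}}; o=${o:-0}   # drop leading zeros so 08 is not read as octal
        [ "$o" -le 255 ] || return 1
        m=$(( (m << 8) | o ))
    done
    # contiguous iff m | (m - 1) sets all 32 low bits
    [ $(( (m | (m - 1)) & 4294967295 )) -eq 4294967295 ]
}

if [ $# -gt 0 ]; then
    lint_rcconf "$1"
fi
```

Run it on each gateway before rebooting; anything flagged is printed with the file name and line number, and the exit status is non-zero. rc(8) does not complain about an unknown variable name, so a typo such as raccoon_enable is caught by the absence of the correctly spelled knob rather than by a list of known misspellings.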
Previous: IPSec on FreeBSD – Part 1. Next: IPSec on FreeBSD – Part 3.