Network Security Hacks

by Andrew Lockhart
April 2004
Content level: Intermediate to advanced
320 pages
English
O'Reilly Media, Inc.

Set Up IPsec in OpenBSD

Use IPsec the OpenBSD way.

Setting up IPsec in OpenBSD is fairly easy since it’s compiled into the kernel that ships with each release and is enabled by default. All that is left to do is to create the appropriate /etc/isakmpd/isakmpd.conf and /etc/isakmpd/isakmpd.policy files and start isakmpd (the IPsec key-management daemon). This may sound daunting, but OpenBSD’s outstanding documentation and example configuration files make it easier.

First of all, you’ll need to put something similar to this in your /etc/isakmpd/isakmpd.policy:

KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:mypassword"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "aes" &&
            esp_auth_alg == "hmac-sha" -> "true";

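This sets the passphrase (mypassword) used to authenticate the IPsec connection, and authorizes only connections that use ESP with AES encryption and HMAC-SHA authentication.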

Now you’ll need to edit your /etc/isakmpd/isakmpd.conf to contain the following:

[General]
Listen-on=              192.168.1.1
Shared-SADB=            Defined

[Phase 1]
Default=                ISAKMP-peer-remote
#Default=               ISAKMP-peer-remote-aggressive

[Phase 2]
Passive-Connections=    IPsec-local-remote

[ISAKMP-peer-remote]
Phase=                  1
Transport=              udp
Local-address=          192.168.1.1
Configuration=          Default-main-mode
Authentication=         mypassword

[ISAKMP-peer-remote-aggressive]
Phase=                  1
Transport=              udp
Local-address=          192.168.1.1
Configuration=          Default-aggressive-mode
Authentication=         mypassword

[IPsec-local-remote]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-remote
Configuration=          Default-quick-mode
Local-ID=               Net-local
Remote-ID=              Net-remote

[Net-remote]
...
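
The two files have to agree with each other before isakmpd can negotiate anything. The following is an added example, not code from the book or from OpenBSD: a small Python check that the section references in isakmpd.conf resolve and that each Phase 1 Authentication value is a passphrase licensed in isakmpd.policy. The function names and the shortened sample files are constructed for illustration, and the check assumes the Authentication value must match the passphrase in the Licensees line, as the files above do.

```python
import re

# Constructed samples modelled on the two files above (not a complete config).
POLICY = 'Authorizer: "POLICY"\nLicensees: "passphrase:mypassword"\n'
CONF = """\
[Phase 1]
Default= ISAKMP-peer-remote
[Phase 2]
Passive-Connections= IPsec-local-remote
[ISAKMP-peer-remote]
Phase= 1
Configuration= Default-main-mode
Authentication= mypassword
[IPsec-local-remote]
Phase= 2
ISAKMP-peer= ISAKMP-peer-remote
"""

def parse_conf(text):
    """Parse isakmpd.conf-style text into {section: {tag: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out tag
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections

def check(conf_text, policy_text):
    """Return problems: dangling section references and unlicensed pre-shared keys."""
    conf = parse_conf(conf_text)
    licensed = set(re.findall(r'"passphrase:([^"]*)"', policy_text))
    problems = []
    refs = [("Phase 1", "Default"), ("Phase 2", "Passive-Connections")]
    refs += [(s, "ISAKMP-peer") for s, t in conf.items() if t.get("Phase") == "2"]
    for section, tag in refs:
        value = conf.get(section, {}).get(tag, "")
        for target in filter(None, re.split(r"\s*,\s*", value)):
            if target not in conf:
                problems.append(f"[{section}] {tag} -> [{target}] is not defined")
    for name, tags in conf.items():
        # The message names the section only, so the key itself is never printed.
        if tags.get("Phase") == "1" and tags.get("Authentication") not in licensed:
            problems.append(f"[{name}] Authentication is not licensed in the policy")
    return problems

if __name__ == "__main__":
    print(check(CONF, POLICY) or "consistent")
```
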
ISBN: 0596006438