How to implement IPsec in IPv6 postfix mail server
I set up IPsec using IPsec-tools. I configured two files: /etc/racoon/racoon.conf and /etc/racoon/setkey.sh.
This is my racoon.conf:
# racoon.conf: IKE (ISAKMP) daemon configuration for ipsec-tools.
# Search directory for "include" files.
path include "/etc/racoon";
# File holding the pre-shared keys, one "peer-id key" pair per line.
# The key is a long-lived shared secret: keep this file owner-only (mode 600).
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";
# Local address on which racoon answers IKE.
listen
{
isakmp 2001:328:2003:2::5;
}
# Phase 1 (IKE SA) parameters used when negotiating with peer 2001:328:2003:2::10.
remote 2001:328:2003:2::10
{
exchange_mode main;
lifetime time 24 hour;
proposal
{
# NOTE(review): 3des, md5 and dh_group 2 (1024-bit MODP) are legacy choices.
# Consider aes, a SHA-2 based hash and a larger dh_group if the installed
# racoon supports them; confirm against racoon.conf(5) on both peers.
encryption_algorithm 3des;
hash_algorithm md5;
# Pre-shared-key authentication is only as strong as the secret in psk.txt;
# the commented-out certificate path above would be the alternative.
authentication_method pre_shared_key;
dh_group 2;
}
}
# Phase 2 (IPsec SA) parameters for traffic from ::5 to ::10.
# NOTE(review): no pfs_group is set, so no fresh DH exchange is requested in phase 2.
sainfo address 2001:328:2003:2::5 any address 2001:328:2003:2::10 any
{
lifetime time 1 hour;
# NOTE(review): same legacy algorithms as phase 1 (3des, hmac_md5).
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
# Mirror of the block above for the reverse direction, ::10 to ::5.
sainfo address 2001:328:2003:2::10 any address 2001:328:2003:2::5 any
{
lifetime time 1 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
# Per-peer fragments; their contents are not shown here.
# NOTE(review): 2001:328:2003:2::10.conf may repeat the "remote"/"sainfo"
# sections already defined above; verify there is a single definition per peer.
include "/etc/racoon/192.168.1.5.conf";
include "/etc/racoon/192.168.1.2.conf";
include "/etc/racoon/2001:328:2003:2::2.conf";
include "/etc/racoon/2001:328:2003:2::10.conf";
This is my setkey.sh:
#!/sbin/setkey -f
# Resets the kernel IPsec databases, then installs two transport-mode ESP policies.
# flush empties the SAD (security associations); spdflush empties the SPD (policies).
flush;
spdflush;
# One outbound and one inbound policy between ::1 and ::2. "any" matches every
# upper-layer protocol (not only SMTP); "require" means matching packets must be
# protected by an ESP SA.
# NOTE(review): these endpoints are ::1 and ::2, while the racoon.conf shown
# listens on ::5 and defines remote/sainfo for ::10. Confirm which addresses this
# host and its peer actually use; the policy endpoints must match the IKE setup.
# NOTE(review): spdadd installs policies only. SAD entries appear after racoon
# negotiates them for traffic that matches a policy, so an empty "setkey -D"
# right after loading this file is expected; "setkey -DP" lists the policies.
spdadd 2001:328:2003:2::1 2001:328:2003:2::2 any -P out ipsec esp/transport//require;
spdadd 2001:328:2003:2::2 2001:328:2003:2::1 any -P in ipsec esp/transport//require;
Then I type setkey -D:
[root@mailv6 racoon]# setkey -D
No SAD entries.
Thanks.