9th September 2009
wesley (Real Name: Wesley), Shell Scout
Join Date: Aug 2009; Location: Reunion Island; Posts: 92

connect to another site using ipsec-nat

Hello,

We have to connect to a factory using IPsec and NAT.
A server (factory) will send backups to us using FTP.

Our FTP server is protected by an OpenBSD firewall (PF and ftp-proxy).
OpenBSD firewall: 2 interfaces: egress (81.255.XX.XX) and local (10.0.0.3); FTP server: 10.0.0.4

The admin of the factory has sent me information to configure the IPsec VPN:

our vpn gateway : 81.255.XX.XX
src address :192.168.191.0/24
dst address : 192.168.192.0/24

factory vpn gateway : 210.253.XX.XX
src address : 192.168.192.0/24
dst address : 192.168.191.0/24

Authentication Mode: Preshared Keys
Diffie-Hellman Group 2 (1024 bit)
Encryption Algorithm: AES 256
Hashing Algorithm: SHA-1
Negotiation Mode: Main
Lifetime : 28800 sec

IPSec-Parameter:
Perfect Forward Secrecy: Group 2
Encapsulation : ESP
Encryption Algorithm: AES 256
Authentication Algorithm : SHA-1
Encapsulation Mode: Tunnel
Lifetime : 3600 sec

the preshared key : haiku

I have read the man pages of ipsec.conf, ipsecctl and isakmpd.
My pf.conf lets protocol esp, udp 500 and 4500 from any to any.
I don't see how to realize that. If someone can help me.
Thank you.
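A worked ipsec.conf(5) for the parameters listed in the post, as an added example and not something from the original thread. It assumes the firewall's egress address 81.255.XX.XX (XX octets left exactly as in the post) is the local IKE endpoint and that the FTP server is reachable under an address in 192.168.191.0/24, since that is the network the factory expects; the mapping of 10.0.0.0/24 into 192.168.191.0/24 is not shown here.

```conf
# Added example: /etc/ipsec.conf on the OpenBSD firewall, filled in from the
# parameters the factory admin supplied. Not from the original post.
# Assumption: 81.255.XX.XX is our egress/IKE address, XX as in the post.

# Phase 1 (ISAKMP): main mode, pre-shared key, AES-256, SHA-1,
#                   Diffie-Hellman group 2 = modp1024.
# Phase 2 (IPsec):  ESP in tunnel mode, AES-256, HMAC-SHA1,
#                   PFS group 2 = modp1024.
# ipsec.conf has no lifetime keyword, so the 28800 s / 3600 s values
# are not expressed here; isakmpd defaults apply unless set in isakmpd.conf.
# No "passive" keyword: the default (active) lets our side initiate IKE.
ike esp tunnel from 192.168.191.0/24 to 192.168.192.0/24 \
        local 81.255.XX.XX peer 210.253.XX.XX \
        main auth hmac-sha1 enc aes-256 group modp1024 \
        quick auth hmac-sha1 enc aes-256 group modp1024 \
        psk "haiku"
```

Check the syntax with `ipsecctl -n -f /etc/ipsec.conf` before loading it with `ipsecctl -f /etc/ipsec.conf`, and start isakmpd with `-K` (isakmpd_flags="-K" in /etc/rc.conf.local) so it takes its policy from ipsec.conf; `ipsecctl -s all` then shows the negotiated flows and SAs.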