Connect to another site using ipsec-nat
Hello,
We have to connect to a factory using IPsec and NAT.
A server (factory) will send backups to us using FTP.
Our FTP server is protected by a firewall with OpenBSD (PF and ftp-proxy).
OpenBSD firewall : 2 interfaces : egress (81.255.XX.XX) and local (10.0.0.3) ; FTP server : 10.0.0.4
The admin of the factory has sent me information to configure the IPsec VPN :
our vpn gateway : 81.255.XX.XX
src address : 192.168.191.0/24
dst address : 192.168.192.0/24
factory vpn gateway : 210.253.XX.XX
src address : 192.168.192.0/24
dst address : 192.168.191.0/24
Authentication Mode: Preshared Keys
Diffie-Hellman Group 2 (1024 bit)
Encryption Algorithm: AES 256
Hashing Algorithm: SHA-1
Negotiation Mode: Main
Lifetime : 28800 sec
IPSec-Parameter:
Perfect Forward Secrecy: Group 2
Encapsulation : ESP
Encryption Algorithm: AES 256
Authentication Algorithm : SHA-1
Encapsulation Mode: Tunnel
Lifetime : 3600 sec
the preshared key : haiku
I have read the man pages of ipsec.conf, ipsecctl, isakmpd.
My pf.conf lets protocol esp and udp 500 and 4500 pass from any to any.
I don't see how to realize that. Can someone help me?
Thank you.
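
The parameter sheet above, mapped onto OpenBSD ipsec.conf(5) syntax, as an added example that is not part of the original post. It covers only the IKE and ESP settings; the address translation between 10.0.0.4 and 192.168.191.0/24 is not shown, and the pre-shared key is a placeholder.

```conf
# /etc/ipsec.conf on the OpenBSD firewall (81.255.XX.XX)
# Added example: the gateway addresses are the masked values from the post
# and the psk string is a placeholder.
# Keep this file readable by root only (chmod 600), since it holds the key.

# ike esp tunnel : IKEv1 keying via isakmpd, ESP encapsulation, tunnel mode
# from ... to    : local and remote networks from the parameter sheet
# local / peer   : our VPN gateway and the factory VPN gateway
# main  ...      : phase 1 (main mode)  SHA-1, AES 256, DH group 2, 28800 s
# quick ...      : phase 2 (quick mode) SHA-1, AES 256, PFS group 2, 3600 s
ike esp tunnel \
	from 192.168.191.0/24 to 192.168.192.0/24 \
	local 81.255.XX.XX peer 210.253.XX.XX \
	main  auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 \
	quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 \
	psk "REPLACE_WITH_PRESHARED_KEY"

# Check the syntax, start the IKE daemon, then load the rules:
#   ipsecctl -n -f /etc/ipsec.conf
#   isakmpd -K
#   ipsecctl -f /etc/ipsec.conf
# Inspect the resulting flows and security associations:
#   ipsecctl -s all
```

Both gateways must propose identical values in each phase, so any change to the group, cipher, hash or lifetime has to be agreed with the factory admin.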