I've read
http://undeadly.org/cgi?action=artic...20090127205841
Here is what I have done:
In my pf.conf, I've added these lines:
binat on enc0 inet from 10.0.0.0/24 to 192.168.192.0/24 -> \
192.168.191.0/24
My ipsec.conf:
ike esp from 192.168.192.0/24 (10.0.0.0/8) to 192.168.191.0/24 peer \
the_gateway_of_factory \
main auth hmac-sha1 enc aes-256 group modp1024 \
quick auth hmac-sha1 enc aes-256 group modp1024 \
psk "haiku"
When I try ipsecctl -sa, I get this result:
# ipsecctl -sa
FLOWS:
flow esp in from 192.168.191.0/24 to 10.0.0.0/8 peer 212.99.117.97 srcid my_gateway dstid the_gateway_factory type use
flow esp out from 10.0.0.0/8 to 192.168.191.0/24 peer 212.99.117.97 srcid my_gateway dstid the_gateway_factory type require
SAD:
esp tunnel from the_gateway_fatory to my_gateway spi 0x5f836c7a auth hmac-sha1 enc aes-256
esp tunnel from my_gateway to the_factory_gateway spi 0x7d51b2f7 auth hmac-sha1 enc aes-256
#
If I type isakmpd and then ipsecctl -f /etc/ipsec.conf, I get the following:
ike_ipsec_establish : open (/var/run/isakmpd.fifo) : no such file or directory
Why?
I'm not very far from the goal! Need help.