Debian User writes:
> I see. What about a host to host only configuration? I'm trying to do
> this peer to peer networking style. A no DNS setup.
> I'm directly connected to a number of hosts and they relay my messages to
> the rest of the p2p network.
Ok, assuming you have two hosts :-
    A --------------- B
100.1.3.4         200.6.7.8
and using the same arbitrary values as before :-
spi = 0x1001
3des-key = 6d2c5688ebe2d7fc7b364da932eee4cbf092a3d63415e59a
md5-key = bde359723576fdea08e56cbe876e24ad
then doing the following on A :-
A$ ipsec spi --af inet --edst 200.6.7.8 --spi 0x1001 --proto esp --src 100.1.3.4 --esp 3des-md5-96 --enckey 0x6d2c5688ebe2d7fc7b364da932eee4cbf092a3d63415e59a --authkey 0xbde359723576fdea08e56cbe876e24ad
A$ ipsec spi --af inet --edst 100.1.3.4 --spi 0x1001 --proto esp --src 200.6.7.8 --esp 3des-md5-96 --enckey 0x6d2c5688ebe2d7fc7b364da932eee4cbf092a3d63415e59a --authkey 0xbde359723576fdea08e56cbe876e24ad
A$ ipsec eroute add --eraf inet --src 100.1.3.4/32 --dst 200.6.7.8/32 --af inet --edst 200.6.7.8 --spi 0x1001 --proto esp
A$ route add -net 200.6.7.8/32 ipsec0
and the following on B :-
B$ ipsec spi --af inet --edst 100.1.3.4 --spi 0x1001 --proto esp --src 200.6.7.8 --esp 3des-md5-96 --enckey 0x6d2c5688ebe2d7fc7b364da932eee4cbf092a3d63415e59a --authkey 0xbde359723576fdea08e56cbe876e24ad
B$ ipsec spi --af inet --edst 200.6.7.8 --spi 0x1001 --proto esp --src 100.1.3.4 --esp 3des-md5-96 --enckey 0x6d2c5688ebe2d7fc7b364da932eee4cbf092a3d63415e59a --authkey 0xbde359723576fdea08e56cbe876e24ad
B$ ipsec eroute add --eraf inet --src 200.6.7.8/32 --dst 100.1.3.4/32 --af inet --edst 100.1.3.4 --spi 0x1001 --proto esp
B$ route add -net 100.1.3.4/32 ipsec0
should set up a 3DES+MD5 transport mode connection between the two.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:09 CEST
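Added example, not part of the original post: a shell helper that prints the same four commands for either host from one set of parameters, checks the key lengths that 3des-md5-96 needs (24-byte 3DES key, 16-byte MD5 key), and draws fresh keys from /dev/urandom instead of reusing the values posted to the list. The function names are hypothetical; the ipsec and route flags are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical;
# the ipsec/route flags are the ones used in the post.

# valid_hex_key KEY NBYTES: true only if KEY is exactly NBYTES*2 hex digits.
valid_hex_key() {
    [ "${#1}" -eq $(( $2 * 2 )) ] || return 1
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

# valid_3des_key KEY: 24 bytes, and neither K1=K2 nor K2=K3, since either
# equality makes 3DES equivalent to single DES.
valid_3des_key() {
    valid_hex_key "$1" 24 || return 1
    k=$(printf %s "$1" | tr 'A-F' 'a-f')
    k1=$(printf %s "$k" | cut -c1-16)
    k2=$(printf %s "$k" | cut -c17-32)
    k3=$(printf %s "$k" | cut -c33-48)
    [ "$k1" != "$k2" ] && [ "$k2" != "$k3" ]
}

# gen_key NBYTES: NBYTES random bytes from the kernel RNG, as hex.
gen_key() { od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; }

# host_cmds LOCAL REMOTE SPI ENCKEY AUTHKEY: print the four commands to run
# on LOCAL (outbound SA, inbound SA, eroute, route). Output contains the keys.
host_cmds() {
    l=$1 r=$2 enc=$4 auth=$5
    valid_3des_key "$enc" && valid_hex_key "$auth" 16 || return 1
    sa="--spi $3 --proto esp"
    alg="--esp 3des-md5-96 --enckey 0x$enc --authkey 0x$auth"
    echo "ipsec spi --af inet --edst $r $sa --src $l $alg"
    echo "ipsec spi --af inet --edst $l $sa --src $r $alg"
    echo "ipsec eroute add --eraf inet --src $l/32 --dst $r/32 --af inet --edst $r $sa"
    echo "route add -net $r/32 ipsec0"
}

# Fresh keys for the two hosts from the post; run each half on its own host.
ENC=$(gen_key 24); AUTH=$(gen_key 16)
echo "# on A"; host_cmds 100.1.3.4 200.6.7.8 0x1001 "$ENC" "$AUTH"
echo "# on B"; host_cmds 200.6.7.8 100.1.3.4 0x1001 "$ENC" "$AUTH"
```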