MàJ et corrections d'options
parent
a6ffb4cc80
commit
0aa2063ab6
|
@ -62,13 +62,6 @@ net.inet.ah.enable=1
|
||||||
net.inet.ip.forwarding=1
|
net.inet.ip.forwarding=1
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
Activer l'interface enc0 :
|
|
||||||
|
|
||||||
~~~
|
|
||||||
# ifconfig enc0 up
|
|
||||||
# echo up >/etc/hostname.enc0
|
|
||||||
~~~
|
|
||||||
|
|
||||||
Dans /etc/pf.conf, positionner :
|
Dans /etc/pf.conf, positionner :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
|
@ -76,12 +69,14 @@ set skip on {lo0 enc0}
|
||||||
|
|
||||||
pass in on $ext_if proto esp from $addr_gw2 to ($ext_if)
|
pass in on $ext_if proto esp from $addr_gw2 to ($ext_if)
|
||||||
pass in on $ext_if proto udp from $addr_gw2 to ($ext_if) port {isakmp, ipsec-nat-t}
|
pass in on $ext_if proto udp from $addr_gw2 to ($ext_if) port {isakmp, ipsec-nat-t}
|
||||||
|
pass in on $ext_if proto udp from $addr_gw2 port {isakmp, ipsec-nat-t} to ($ext_if)
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
Dans /etc/ipsec.conf, positionner :
|
Dans /etc/ipsec.conf, positionner :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
local_network="192.0.2.0/24"
|
local_network="192.0.2.0/24"
|
||||||
|
|
||||||
remote_ip="198.51.100.254"
|
remote_ip="198.51.100.254"
|
||||||
remote_network="198.51.100.0/24"
|
remote_network="198.51.100.0/24"
|
||||||
|
|
||||||
|
@ -101,12 +96,12 @@ Tester la configuration :
|
||||||
# ipsecctl -n -f /etc/ipsec.conf
|
# ipsecctl -n -f /etc/ipsec.conf
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
Démarrer le service :
|
Activer et démarrer le service :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
# cat /etc/rc.conf.local
|
# rcctl enable ipsec
|
||||||
isakmpd_flags="-K"
|
# rcctl enable isakmpd
|
||||||
|
# rcctl set isakmpd flags -KTv
|
||||||
# rcctl start isakmpd
|
# rcctl start isakmpd
|
||||||
# ipsecctl -f /etc/ipsec.conf
|
# ipsecctl -f /etc/ipsec.conf
|
||||||
~~~
|
~~~
|
||||||
|
|