
IPsec между OpenBSD и Linux Ubuntu
Схема
10.2.2.0/24(LAN1) <--> 192.168.1.253(OpenBSD) <--> 192.168.1.62(Ubuntu) <--> 10.1.1.0/24(LAN2)
OpenBSD
/etc/ipsec.conf
# isakmpd(8) rule: ESP tunnel between LAN1 (10.2.2.0/24) and LAN2 (10.1.1.0/24),
# gateways 192.168.1.253 (this host) <-> 192.168.1.62, authenticated with a pre-shared key.
# Phase 1 ("main") and phase 2 ("quick") both use 3des-cbc / hmac-sha1 with DH group modp1024.
# These are legacy algorithm choices; if they are upgraded, change both peers together,
# because the proposal must match the racoon configuration on the Ubuntu side.
# The PSK shown is a sample value; keep this file readable by root only, since it holds the key.
ike esp from 10.2.2.0/24 to 10.1.1.0/24 local 192.168.1.253 peer 192.168.1.62 \
main auth hmac-sha1 enc 3des-cbc \
quick auth hmac-sha1 enc 3des-cbc \
group modp1024 psk laklaklak
Ubuntu
/etc/ipsec-tools.conf
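#!/usr/sbin/setkey -f
# SPD for the Ubuntu gateway (192.168.1.62): LAN2 10.1.1.0/24 <-> LAN1 10.2.2.0/24
# through an ESP tunnel to the OpenBSD gateway 192.168.1.253.
# Drop all SAs and policies first so a reload starts from a known state.
flush;
spdflush;
# Outbound: traffic from LAN2 to LAN1 must go through the tunnel.
spdadd 10.1.1.0/24 10.2.2.0/24 any -P out ipsec
esp/tunnel/192.168.1.62-192.168.1.253/require;
# Inbound: 'require' rather than 'use', so a cleartext packet claiming a LAN1
# source address is dropped instead of being accepted next to the tunnel.
# This makes the policy symmetric with the outbound rule above and with the
# OpenBSD flow, which enforces ESP in both directions.
spdadd 10.2.2.0/24 10.1.1.0/24 any -P in ipsec
esp/tunnel/192.168.1.253-192.168.1.62/require;
# NOTE(review): on Linux, forwarded traffic may additionally need a '-P fwd'
# policy depending on the setkey/kernel version — confirm with 'setkey -DP'
# after loading.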
/etc/racoon/psk.txt
# racoon pre-shared keys, one "<peer identifier> <key>" pair per line.
# The key is the sample value from this write-up; the file must be readable by
# its owner only (chmod 600), otherwise racoon rejects it for weak permissions.
192.168.1.253 laklaklak
/etc/racoon/racoon.conf
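# racoon configuration for the Ubuntu gateway (192.168.1.62); peer is OpenBSD 192.168.1.253.
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.168.1.253 {
	# Main mode only: the OpenBSD rule is configured with 'main', so offering
	# aggressive mode gains nothing, and aggressive mode with a PSK exposes the
	# identity hash to offline guessing of the key.
	exchange_mode main;
	proposal {
		# Must mirror the OpenBSD 'main' parameters (3des-cbc / hmac-sha1 / modp1024).
		# Legacy algorithms; upgrade both peers together if they are changed.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group modp1024;
	}
	# Policies are loaded from /etc/ipsec-tools.conf, not generated from the peer's selectors.
	generate_policy off;
}
# Phase 2 (quick) proposal for LAN2 <-> LAN1; mirrors the OpenBSD 'quick' parameters, with PFS.
sainfo address 10.1.1.0/24[any] any address 10.2.2.0/24[any] any {
	pfs_group modp1024;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}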