
Re: Quick advice: Racoon and IPsec



Anders,

Our situations differ a bit; however, I've found Debian's racoon package
to be quite useful.  I just use it to encrypt all traffic between two
hosts that use NFS and XDMCP on my LAN.  Who says NFS can't be secure in
transit?  I also only use PSKs and haven't bothered with certs.

When you install it, debconf will ask if you want to use racoon-tool.
I've only used racoon with the racoon-tool configuration file, which I
understand simplifies things.

After installing, there are really only three steps:

1.  Add your host/PSK entry to /etc/racoon/psk.txt
2.  Add a connection to /etc/racoon/racoon-tool.conf
3.  Restart /etc/init.d/racoon

It's not perfect.  The most annoying issue in my little setup is that
NFS doesn't mount immediately on boot.  It seems it takes some time
(seconds) for the connection to become available and the first few
packets go nowhere.  I think this is pointed out in the IPSec HOWTO.

-Jeff

On Mon, 2005-08-08 at 21:14 +0200, Anders Breindahl wrote:
> Hello list,
> 
> I am going to be fiddling with some ipsec'ing for securing my WLAN and 
> enabling tunnelling to my home network through the Internet.
> I had great success last time I asked d-u for such quick advice, so I'll try 
> again:
> 
> Can you please provide your preferred points of entry to the field of 
> tunnelling and automatic keying?
> Is IPsec and Racoon what I want? Which alternatives exist?
> Are there any common sources of error in this field, that I should be aware 
> of?
> Anything else worth mentioning?
> 
> I should mention, that I have tried the IPsec HOWTO by Ralf Spenneberg, but it 
> didn't answer all my questions. Great short introduction, though.
> 
> Regards,
> Anders Breindahl/skrewz.
> 
> 
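
A check that fits step 1 of the procedure in the reply above, added here as an example and not part of the original thread: it audits a psk.txt-style file (one identifier, whitespace, then the key per line, `#` for comments) for permissions beyond the owner, duplicate peers and short keys. The 20-byte minimum, the function names and the sample entries are assumptions made for illustration.

```python
import os
import stat
import tempfile

MIN_PSK_BYTES = 20  # assumed local policy, not a racoon requirement

def key_bytes(key):
    """Key length in bytes; a key written with a 0x prefix is hex."""
    return len(key[2:]) // 2 if key.startswith("0x") else len(key.encode())

def audit_psk_file(path):
    """Return findings for a psk.txt-style file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the secrets
        findings.append(f"mode {mode:04o}: restrict to owner (chmod 600)")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank line or comment
            fields = line.split(None, 1)  # identifier, then the key
            if len(fields) < 2:
                findings.append(f"line {no}: identifier without a key")
                continue
            ident, key = fields
            if ident in seen:
                findings.append(f"line {no}: duplicate entry for {ident}")
            seen.add(ident)
            if key_bytes(key) < MIN_PSK_BYTES:
                findings.append(f"line {no}: short key for {ident}")
    return findings

def demo(content, mode):
    """Write constructed sample content to a temp file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "psk.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(path, mode)
        return audit_psk_file(path)

# Constructed samples: documentation address, made-up keys.
WEAK = "# peers\n192.0.2.10\tsecret\n192.0.2.10\t0x0011223344\n"
GOOD = "192.0.2.10\tq7Lr2mXw9ZtB4vKe8HsYp3Nd\n"

if __name__ == "__main__":
    print(*demo(WEAK, 0o644), sep="\n")
```

On a real host, call `audit_psk_file("/etc/racoon/psk.txt")` as root before restarting racoon.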


