From 884e405222432ab3d89bc28c6a57e6f427fc1d8c Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 4 Dec 2004 18:42:40 +0000 Subject: [PATCH] Correct IP address in IPSEC 2.6 Documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1802 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/IPSEC-2.6.xml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/Shorewall-docs2/IPSEC-2.6.xml b/Shorewall-docs2/IPSEC-2.6.xml index f27227f12..c3448b109 100644 --- a/Shorewall-docs2/IPSEC-2.6.xml +++ b/Shorewall-docs2/IPSEC-2.6.xml @@ -15,7 +15,7 @@ - 2004-10-25 + 2004-12-04 2004 @@ -232,7 +232,7 @@ ipsec net 134.28.54.2 /etc/shorewall/tunnels — System B: #TYPE ZONE GATEWAY GATEWAY ZONE -ipsec net 206.161.148.9 +ipsec net 206.162.148.9 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE @@ -283,7 +283,7 @@ vpn eth0:10.0.0.0/8,134.28.54.2 ips /etc/shorewall/hosts — System B #ZONE HOSTS OPTIONS -vpn eth0:192.168.1.0/24,206.161.148.9 ipsec +vpn eth0:192.168.1.0/24,206.162.148.9 ipsec #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE @@ -313,14 +313,14 @@ flush; # Add some SPD rules -spdadd 192.168.1.0/24 10.0.0.0/8 any -P out ipsec esp/tunnel/206.161.148.9-134.28.54.2/require; -spdadd 192.168.1.0/24 134.28.54.2/32 any -P out ipsec esp/tunnel/206.161.148.9-134.28.54.2/require; -spdadd 206.161.148.9/32 134.28.54.2/32 any -P out ipsec esp/tunnel/206.161.148.9-134.28.54.2/require; -spdadd 206.161.148.9/32 10.0.0.0/8 any -P out ipsec esp/tunnel/206.161.148.9-134.28.54.2/require; -spdadd 10.0.0.0/8 192.168.1.0/24 any -P in ipsec esp/tunnel/134.28.54.2-206.161.148.9/require; -spdadd 10.0.0.0/8 206.161.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2-206.161.148.9/require; -spdadd 134.28.54.2/32 192.168.1.0/24 any -P in ipsec esp/tunnel/134.28.54.2-206.161.148.9/require; -spdadd 134.28.54.2/32 206.161.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2-206.161.148.9/require; +spdadd 192.168.1.0/24 10.0.0.0/8 any -P out ipsec esp/tunnel/206.162.148.9-134.28.54.2/require; +spdadd 192.168.1.0/24 134.28.54.2/32 any -P out ipsec esp/tunnel/206.162.148.9-134.28.54.2/require; +spdadd 206.162.148.9/32 134.28.54.2/32 any -P out ipsec esp/tunnel/206.162.148.9-134.28.54.2/require; +spdadd 206.162.148.9/32 10.0.0.0/8 any -P out ipsec esp/tunnel/206.162.148.9-134.28.54.2/require; +spdadd 10.0.0.0/8 192.168.1.0/24 any -P in ipsec esp/tunnel/134.28.54.2-206.162.148.9/require; +spdadd 10.0.0.0/8 206.162.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2-206.162.148.9/require; +spdadd 134.28.54.2/32 192.168.1.0/24 any -P in ipsec esp/tunnel/134.28.54.2-206.162.148.9/require; +spdadd 134.28.54.2/32 206.162.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2-206.162.148.9/require; The setkey.conf file on gateway B would be @@ -334,7 +334,7 @@ spdadd 134.28.54.2/32 206.161.148.9/32 any -P in ipsec esp/tunnel/134.28.54.2 listen { - isakmp 206.161.148.9; + isakmp 206.162.148.9; } remote 134.28.54.2 @@ -363,7 +363,7 @@ sainfo address 192.168.1.0/24 any address 10.0.0.0/8 any compression_algorithm deflate ; } -sainfo address 206.161.148.9/32 any address 10.0.0.0/8 any +sainfo address 206.162.148.9/32 any address 10.0.0.0/8 any { pfs_group 2; lifetime time 12 hour ; @@ -372,7 +372,7 @@ sainfo address 206.161.148.9/32 any address 10.0.0.0/8 any compression_algorithm deflate ; } -sainfo address 206.161.148.9/32 any address 134.28.54.2/32 any +sainfo address 206.162.148.9/32 any address 134.28.54.2/32 any { pfs_group 2; lifetime time 12 hour ;