be2d5214565d72f7e440c6f7f023e9c9e66dbd69
ipsec-on-freebsd.md
... | ... | @@ -1,7 +1,19 @@ |
1 | 1 | # IPsec on FreeBSD |
2 | 2 | |
3 | +These instructions are for IPsec in transport mode not IPsec in tunnel mode. IPsec in tunnel mode requires a too tight coupling with the routing table for dynamic routing because the policies can only be specified based on source/destination address and protocol not based on interfaces. |
|
4 | + |
|
3 | 5 | ## Requirements |
6 | +* Root access to both endpoints |
|
7 | +* Static IPv4 addresses for both endpoints unless you want to write a small shell script as hook for raccon. |
|
8 | +* At least one static IPv4 on at least one endpoint unless you hate yourself. |
|
4 | 9 | |
5 | 10 | ## Kernel configuration |
11 | +The FreeBSD GENERIC kernel lacks support for in-kernel IPsec processing. Add this two lines to your kernel config and (re-)build your own kernel. |
|
12 | +If you're new to FreeBSD check Chapters [15.9.1](http://www.freebsd.org/doc/handbook/ipsec.html) and [9](http://www.freebsd.org/doc/handbook/kernelconfig.html) of the FreeBSD handbook. |
|
13 | +``` |
|
14 | + options IPSEC #IP security |
|
15 | + device crypto |
|
16 | +``` |
|
17 | +Reboot into your new kernel. |
|
6 | 18 | |
7 | 19 | ## Userland configuration |
... | ... | \ No newline at end of file |
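Review bot: The two IPv4 items added to the Requirements list overlap and read as contradictory: one asks for "Static IPv4 addresses for both endpoints" and the next for "At least one static IPv4 on at least one endpoint". Suggest merging them into one item that states the minimum (a static address on one endpoint) and what a dynamic address on the other endpoint costs (the hook script). In that same item, "raccon" looks like a typo for "racoon". In the Kernel configuration text, "Add this two lines" should be "Add these two lines". Since that section ends at "Reboot into your new kernel", it would also help to add a short step for confirming that the running kernel really was built with the IPSEC and crypto options, so readers do not go on to debug userland configuration on a kernel without IPsec support. The opening paragraph on tunnel mode is one long sentence and would read better split after "dynamic routing". The handbook links use http://; consider https:// if the site serves it.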