IP Security and Hardware EncryptionSetting up an IPsec connection: examples Parent topic: Setting up an IPsec connection: examples

Between two boxes manually

Suppose we have two boxes, A and B, and we want to establish IPsec between them.

Here's how:

  1. On each box, create a script file (let's say its name is my_script) having the following content: 
    #!/bin/ksh 
# args: This script takes two arguments:
#    - The first one is the IP address of the box that is to
#      run it on.  
#    - The second one is the IP address of the box that this
#      box is to establish IPsec connection to.
Myself=$1
Remote=$2

# The following two lines are to clean the database.
# They're here simply to demonstrate the "hello world" level
# connection.
#  
setkey -FP
setkey -F

# Use setkey to input all of the SA content.
setkey -c << EOF

spdadd $Myself $Remote any -P out ipsec esp/transport/$Myself-$Remote/require;
spdadd $Remote $Myself any -P in ipsec esp/transport/$Remote-$Myself/require;

add  $Myself $Remote esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
add  $Remote $Myself esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
EOF
  2. On BoxA, run ./my_script BoxA BoxB, or give the IP address of each box if the name can't be resolved.
  3. Similarly, on BoxB, run ./my_script BoxB BoxA.

Now you can check the connection by pinging each box from the other. You can get the IPsec status by using setkey -PD.

Parent topic: Setting up an IPsec connection: examples