All,
I have a question regarding ipsec.conf.
Example:
IPsec peers: 3.3.3.3, 3.3.3.2
Interesting traffic: 1.1.1.1 -> 192.168.100.2
                     2.2.2.2 -> 192.168.100.0/24
Main/Quick mode crypto/groups being: aes, sha1 and group2
PSK being "test123"
How can I define the above concisely?
I can, for example, do the following:
ike esp from 1.1.1.1 to 192.168.100.2 \
    local 3.3.3.3 peer 3.3.3.2 \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha1 enc aes group modp1024 \
    psk "test123"

ike esp from 2.2.2.2 to 192.168.100.0/24 \
    local 3.3.3.3 peer 3.3.3.2 \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha1 enc aes group modp1024 \
    psk "test123"
Is there any way to shorten it, since most of it seems to be redundant except for
the interesting traffic part?
FWIW, I am running 4.3-current:
OpenBSD pgurumur-vm-openbsd.xxx.com 4.3 GENERIC#732 i386
Thanks
Prabhu