thebeastie.org Projects

FreeBSD VPN setup script


The vpnsetup script is designed to create FreeBSD-to-FreeBSD VPN setups; its default configuration is also aimed at working with other vendors' VPN equipment.

This can be considered a scripted howto for VPNs over IPSEC, and it is a good example / guide that works well coupled with firewall setups like Packet Filter.
I started vpnsetup.pl for myself because I found it hard to remember all the knobs!
Download here: vpnsetup.pl

Change log here: change.log (last updated: Version 1.201 / Tue Sep 5 12:26:14 EST 2006)




This script expects:
· You have installed FreeBSD 5.x / 6.x. This script is hardware platform independent (tested on a Sparc64 FreeBSD).
· You have perl installed ( pkg_add -r perl.tbz ).
· You have already configured the basic IP network configuration (internal and external IPs in rc.conf) for FreeBSD as a router/gateway, with net.inet.ip.forwarding=1.
· If you're new to VPNs I recommend you at least check out the IPSec VPN guide of the FreeBSD handbook: http://www.freebsd.org/handbook/ipsec.html
· Disclaimer: In no way/event shall I be liable for any damages done by this script in any way conceivably possible.
· If in doubt run it as a low privileged user.



· IPSec Network IP Setup / Kernel Recompile

This asks you numerous IP and network related questions needed to create the Security Association Database (SAD) entries as well as the Security Policy Database (SPD) entries for the VPN configuration; the configuration is written to ipsec.conf.
It creates a GRE tunnel configuration in rc.local with the needed routes (gif capability can be enabled).
VPNsetup checks the FreeBSD kernel to see if it is VPN capable; if not, it offers to recompile the "GENERIC" FreeBSD kernel configuration file with the VPN options included.
It can install either the "FAST_IPSEC" or the "IPSEC" kernel code.

 · Racoon install and configuration

Asks you for encryption choices for Phase 1 and Phase 2 IKE and generates a racoon.conf configuration file for use by ipsec-tools / racoon.



The network layout.


192.1.1.0/24            192.1.1.254 ( Local Int Gateway IP )
+--------+              +--------+
| LOCAL  |              | LOCAL  |10.0.0.254 ( Local Ext Gateway IP )
| NET    |--------------| GATEWAY| <------------+
+--------+              +--------+              |
                                                |
                                        {    INTERNET   }
                                                |
+--------+              +---------+             |
| REMOTE |              | REMOTE  |<------------+
| NET    |--------------| GATEWAY |10.0.1.254 ( Remote Ext Gateway IP )
+--------+              +---------+
192.1.2.0/24            192.1.2.254 ( Remote Int Gateway IP )
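
An added example, not vpnsetup.pl's code or output: setkey(8) SPD policies of the kind that go into ipsec.conf, generated for the addresses in the diagram above, plus a check that the two gateways' policies mirror each other. It assumes ESP tunnel mode directly between the two subnets (the script's GRE/gif-based policies may differ); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (assumption: ESP tunnel mode between the two external IPs).

# spd_policies LOCAL_NET REMOTE_NET LOCAL_GW REMOTE_GW
# Prints the outbound and inbound setkey(8) policy for one gateway.
spd_policies() {
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$1" "$2" "$3" "$4"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$2" "$1" "$4" "$3"
}

# flip_direction: swap "-P out" and "-P in" on stdin so one side's
# policies can be compared with its peer's.
flip_direction() {
    sed -e 's/ -P out / -P TMP /' \
        -e 's/ -P in / -P out /' \
        -e 's/ -P TMP / -P in /'
}

# policies_mirror FILE_A FILE_B
# Returns 0 when every policy in A appears in B with the direction reversed.
# Asymmetric selectors or tunnel endpoints mean the two peers disagree
# about which traffic must be protected.
policies_mirror() {
    a=$(grep '^spdadd' "$1" | flip_direction | sort)
    b=$(grep '^spdadd' "$2" | sort)
    [ "$a" = "$b" ]
}

# Constructed demo using the diagram's addresses.
tmp=$(mktemp -d)
spd_policies 192.1.1.0/24 192.1.2.0/24 10.0.0.254 10.0.1.254 > "$tmp/local.conf"
spd_policies 192.1.2.0/24 192.1.1.0/24 10.0.1.254 10.0.0.254 > "$tmp/remote.conf"
if policies_mirror "$tmp/local.conf" "$tmp/remote.conf"; then
    echo "local and remote policies mirror each other"
else
    echo "MISMATCH between gateway policies" >&2
fi
rm -rf "$tmp"
```
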




For searching the net for VPN related stuff, try the URLs below.
Interestingly, thebeastie.org comes up first using the Yahoo or Microsoft search engine. But as of this writing (May 2005), my site simply doesn't come up at all on Google :|

Yahoo:FreeBSD VPN setup

Google:FreeBSD VPN setup

MSNSearch: FreeBSD VPN setup




