Connect two OS X machines via IPv6/IPsec
  Shadow Hawkins on Thursday, 11 February 2010 22:39:18
Hi all,
I have been trying for a while now to connect my two Macs via IPv6. This is cool and works fine (via sixxs.net). But I would like to use IPsec on IPv6 (and enhance the firewall to allow all encrypted traffic) and came across this little tutorial:
http://www.kame.net/newsletter/20001119/
Realising that the Macs have everything at hand that is needed for direct host-to-host encryption, I thought this would be easy. But using setkey/racoon is quite hard.
My actual setkey config looks like this:
#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;
spdadd 2a01:XXX:XXX:XXX::2 XXXX:198:XXX:XXX::2 any -P out ipsec
        esp/transport//require
        ah/transport//require ;
spdadd XXXX:198:XXX:XXX::2 2a01:XXX:XXX:XXX::2 any -P in ipsec
        esp/transport//require
        ah/transport//require ;
 
and my racoon.conf looks like this:
path pre_shared_key "/etc/racoon/psk.txt" ;
remote 2a01:XXX:XXX:XXX::2 {
       exchange_mode main;
       my_identifier user_fqdn "joe@macmini.ipv6" ;
       lifetime time 24 hour ;
       proposal {
               encryption_algorithm 3des;
               hash_algorithm sha1;
               authentication_method pre_shared_key;
               dh_group modp1024;
       }
}
sainfo address 2a01:XXX:XXX:XXX::2 any address XXXX:198:XXX:XXX::2 any
{
       pfs_group modp768;
       encryption_algorithm 3des;
       authentication_algorithm hmac_md5;
       compression_algorithm deflate;
}
 
This all starts very well - the IPs are exchanged the other way round on the second Mac - and everything starts - but a ping6 terminates with a request timeout and I'm quite sure that nothing is encrypted in between.
So I am stuck - has anyone got host-to-host ESP/AH working under OS X who can give me a hint?
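Added example (not part of the original post): a small Python check that the spdadd policies in two hosts' setkey files mirror each other, i.e. every "out" policy on one host has the identical "in" policy on the other, with the same esp/ah rules. The function names and the 2001:db8:: addresses are constructed for illustration; it compares only the policy files and does not look at what racoon negotiates.

```python
import re
from typing import NamedTuple

class Policy(NamedTuple):
    src: str
    dst: str
    upper: str
    direction: str   # "in" or "out"
    rules: tuple     # e.g. ("esp/transport//require", "ah/transport//require")

def parse_spd(text):
    """Collect 'spdadd src dst proto -P dir ipsec rules... ;' statements."""
    text = re.sub(r"#.*", "", text)          # drop comments and the shebang line
    found = set()
    for stmt in text.split(";"):
        tok = stmt.split()
        if len(tok) >= 7 and tok[0] == "spdadd" and tok[4] == "-P" and tok[6] == "ipsec":
            found.add(Policy(tok[1], tok[2], tok[3], tok[5], tuple(tok[7:])))
    return found

def flip(p):
    """Policy the peer needs for the same packets: same addresses, other direction."""
    return p._replace(direction="in" if p.direction == "out" else "out")

def peer_mismatches(local_text, peer_text):
    """Return (policies missing on the peer, policies on the peer with no local match)."""
    expected = {flip(p) for p in parse_spd(local_text)}
    actual = parse_spd(peer_text)
    return sorted(expected - actual), sorted(actual - expected)

# Constructed sample input (documentation prefix 2001:db8::/32).
HOST_A = """#!/usr/sbin/setkey -f
flush; spdflush;
spdadd 2001:db8:a::2 2001:db8:b::2 any -P out ipsec
        esp/transport//require ah/transport//require ;
spdadd 2001:db8:b::2 2001:db8:a::2 any -P in ipsec
        esp/transport//require ah/transport//require ;
"""
# Peer file with the two addresses swapped throughout: this is the correct mirror.
HOST_B_OK = HOST_A.replace(":a::2", ":TMP").replace(":b::2", ":a::2").replace(":TMP", ":b::2")
# Peer file copied unchanged from host A: directions no longer match the traffic.
HOST_B_COPIED = HOST_A

if __name__ == "__main__":
    print("swapped peer :", peer_mismatches(HOST_A, HOST_B_OK))
    for p in peer_mismatches(HOST_A, HOST_B_COPIED)[0]:
        print("copied peer is missing:", p.src, "->", p.dst, p.direction, *p.rules)
```

An empty result on both sides only says the two policy databases agree; whether the kernel actually holds matching SAs still has to be checked with setkey -D on each host.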