1. Add "NETWORKING_IPSEC=yes" to /etc/sysconfig/network and patch -p0 /etc/rc.d/init.d/network with the patch file.
2. Create /etc/ipsec.conf with keys & SAs according to the ipsec.conf man page or http://www.ipsec-howto.org/ (I also recommend using libc6's contrib 'xxd' package for key generation, unless you plan on using certs.)
3. Configure persistent static routes for hosts/networks.
4. Set: "net.ipv4.ip_forward=1" in /etc/sysctl.conf if you're using tunnel mode.
5. Restart Networking.
If anyone has any suggestions for the diff file, please let me know...
-- -Matt Blecha- CEO ColoradoSmart (303) 766-8519 mblecha@xxxxxxxxxxxxxxxxx http://www.coloradosmart.com/
--- network 2004-07-05 15:15:39.875580840 -0600 +++ network-ipsec 2004-07-05 15:16:13.274503432 -0600 @@ -151,6 +151,14 @@ sysctl -w kernel.hotplug=$oldhotplug > /dev/null 2>&1 + # IPSEC hook (post IPV4 start) + # Added by Matt Blecha + if [ "$NETWORKING_IPSEC" = "yes" ]; then + if [ -f /etc/ipsec.conf ]; then + action $"Setting IPSEC SAs " /sbin/setkey -f /etc/ipsec.conf + fi + fi + # Add non interface-specific static-routes. if [ -f /etc/sysconfig/static-routes ]; then grep "^any" /etc/sysconfig/static-routes | while read ignore args ; do @@ -227,6 +235,13 @@ action $"Shutting down interface $i: " ./ifdown $i boot fi done + + # IPSEC hook (post IPV4 start) + # Added by Matt Blecha + if [ "$NETWORKING_IPSEC" = "yes" ]; then + action $"Flushing IPSEC SAs " /sbin/setkey -F + action $"Flushing IPSEC Interfaces " /sbin/setkey -FP + fi # shut down all interfaces (other than loopback) for i in $interfaces ; do
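Review bot: the start hook checks for /etc/ipsec.conf but not for the binary it runs; `action $"Setting IPSEC SAs " /sbin/setkey -f /etc/ipsec.conf` will fail noisily on a box where NETWORKING_IPSEC=yes is set but ipsec-tools is not installed. Suggest guarding with `if [ -x /sbin/setkey -a -f /etc/ipsec.conf ]; then`. Also worth noting in the comment: because the hook runs after the interfaces are up (it sits after the kernel.hotplug restore), traffic to a peer can leave in the clear until setkey has loaded the SPD; if the policies are "require" policies, loading them before ifup would close that window.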
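Review bot: in the shutdown hunk the comment is a copy of the start hunk ("IPSEC hook (post IPV4 start)") but this block runs on stop, so it should say so. The label on the second action is also wrong: `action $"Flushing IPSEC Interfaces " /sbin/setkey -FP` flushes the security policy database (the spdadd entries), not interfaces; "Flushing IPSEC SPD " would describe what -FP does.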
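Worked example of step 2, added here and not part of the post or the init script patch: a POSIX shell script that writes a manually keyed, transport-mode /etc/ipsec.conf in setkey syntax with key lengths that match the algorithms. The host addresses, SPIs and the choice of aes-cbc/hmac-sha1 are assumptions; od stands in for xxd so it runs without the contrib package.

```shell
#!/bin/sh
# Added example (not from the post): generate a manually keyed /etc/ipsec.conf
# for setkey, as step 2 describes, with key lengths that match the algorithms.
# Hosts, SPIs (0x201 / 0x301) and the algorithm choice are constructed values.

# Random key of N bytes as a 0x-prefixed hex string (od instead of xxd, POSIX).
gen_key() {
    printf '0x%s' "$(od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n')"
}

# Number of key bytes a "0x..." string encodes; setkey rejects wrong sizes.
key_bytes() {
    s=${1#0x}
    echo $(( ${#s} / 2 ))
}

# Emit a transport-mode ESP configuration between two hosts: two SAs (one per
# direction) and two policies (out/in). aes-cbc takes a 16/24/32-byte key,
# hmac-sha1 a 20-byte key. Both peers must load the same SAs, so the generated
# file is copied to the other host, not regenerated there.
make_ipsec_conf() {
    local_ip=$1 remote_ip=$2
    ek_out=$(gen_key 16); ak_out=$(gen_key 20)
    ek_in=$(gen_key 16);  ak_in=$(gen_key 20)
    cat <<EOF
#!/sbin/setkey -f
flush;
spdflush;

# SAs: ESP with AES-128 encryption and HMAC-SHA1 integrity, one per direction
add $local_ip $remote_ip esp 0x201 -E aes-cbc $ek_out -A hmac-sha1 $ak_out;
add $remote_ip $local_ip esp 0x301 -E aes-cbc $ek_in -A hmac-sha1 $ak_in;

# Policies: require ESP transport mode for all traffic between the two hosts
spdadd $local_ip $remote_ip any -P out ipsec esp/transport//require;
spdadd $remote_ip $local_ip any -P in ipsec esp/transport//require;
EOF
}

# Write the file with owner-only permissions: it holds the raw SA keys.
write_ipsec_conf() {
    ( umask 077; make_ipsec_conf "$1" "$2" > "$3" )
}
```

The same file must be installed on both hosts; on the peer the "out" and "in" policies swap roles automatically because setkey matches on source and destination addresses.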