I think about installing IPsec on computers in my home LAN for some time. There are many configurations possible: tunnel mode, transport mode, peer-to-peer solution or star topology with single VPN hub. Also there are different IPsec implementations. KAME for *BSD, Openswan, strongSwan and Linux 2.6 PF_KEY implementation (which can be used with setkey and racoon or with OpenBSD’s isakmpd). Choosing one is not easy, but for me the simplest method was best. I choose Linux 2.6 PF_KEY with ipsec-tools and racoon for dynamic key exchange (now part of ipsec-tools). Its simple, easy to implement and… configuration files without any modification (except file paths) can be used also in FreeBSD (tested with 6.3-RELEASE).
Continue reading “Deploying IPsec in small LAN in 3 easy steps”