Monday, 13 May 2013

Setting up a branch office VPN between a Watchguard XTM505 and a Debian Linux box.

Let's say you have two sites and want to build a VPN between them. The first site has a Watchguard XTM device with the public IP address 99.99.99.99 that protects the private range 10.0.1.0/24; the second site has just a Debian Linux box with a dynamic IP address that protects the private range 10.0.2.0/24. Because the Debian end has no fixed address, it is the side that initiates the tunnel and it identifies itself to the Watchguard by name rather than by IP address. In the configuration below 10.0.2.254 is the address the Debian box uses as its end of the tunnel.


Debian side

Install needed packages:


# apt-get install ipsec-tools racoon

When the package asks how racoon should be configured, choose "direct": racoon.conf and the setkey policy file are then edited by hand, as below, instead of being generated by racoon-tool.

Edit /etc/ipsec-tools.conf

#!/usr/sbin/setkey -f

# NOTE: Do not use this file if you use racoon with the racoon-tool
# utility. racoon-tool will set up SAs and SPDs automatically using
# the /etc/racoon/racoon-tool.conf configuration.
#

## Flush the SAD and SPD
# (uncomment both lines so that re-running "setkey -f" on this file
# replaces the existing entries rather than adding on top of them)
#
# flush;
# spdflush;

# Inbound policy: traffic from the Watchguard's network to ours must arrive
# inside an ESP tunnel whose outer addresses are Watchguard -> Debian box.
spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
           esp/tunnel/99.99.99.99-10.0.2.254/require;
# Outbound policy: the mirror image, tunnelled Debian box -> Watchguard.
# The outer addresses in both policies must be the pair of addresses the
# IPsec SAs are actually negotiated between (compare with "setkey -D" once
# the tunnel is up); 10.0.2.254 stands for the Debian box's own address.
spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
           esp/tunnel/10.0.2.254-99.99.99.99/require;

Edit /etc/racoon/psk.txt and add the line below. The first column is the identity the Watchguard presents, which is its public IP address, so it is 99.99.99.99 and not your own identifier; the second column is the key. Use a long, random key, because in aggressive mode a hash derived from the key crosses the wire unencrypted and can be attacked offline by anyone who captures it. Make the file readable only by root (chmod 600 /etc/racoon/psk.txt): racoon refuses to use a key file that other users can read.

99.99.99.99   Somerandomkey

Edit /etc/racoon/racoon.conf

# Simple racoon.conf
#
#
# Please look in /usr/share/doc/racoon/examples for
# examples that come with the source.
#
# Please read racoon.conf(5) for details, and also read setkey(8).
#
#
# Also read the Linux IPSEC Howto up at
# http://www.ipsec-howto.org/t1.html
#

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

# Phase 1 (IKE) settings for the Watchguard peer.
remote 99.99.99.99 {
        # racoon initiates with the first mode listed and accepts either
        # as a responder. Aggressive mode is what lets our dynamic-address
        # end identify itself by the user_fqdn below; the cost is that the
        # PSK-derived hash is sent unencrypted, so the key must be strong.
        exchange_mode aggressive,main;
        # Dead peer detection: probe every 20 seconds, give up after 5 misses.
        dpd_delay 20;
        dpd_maxfail 5;
        # Identity we send; the remote gateway ID configured on the
        # Watchguard must be exactly this value.
        my_identifier user_fqdn "something@company.com";
        proposal {
                # 28800 seconds = 8 hours
                lifetime time 28800 second;
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                # modp1024 is Diffie-Hellman group 2
                dh_group modp1024;
        }
}

# Phase 2 (IPsec SA) settings for traffic between the two protected networks.
sainfo address 10.0.2.0/24 any address 10.0.1.0/24 any {
        lifetime time 28800 second;
        # Perfect forward secrecy with Diffie-Hellman group 2
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
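The three files above repeat the same addresses in several places (the peer's public address in the SPD, the remote block and psk.txt; the box's own address in both SPD policies; the two subnets in the SPD and the sainfo block), and a tunnel that refuses to come up is very often one of them out of step. As an added example, not part of the original post, the script below renders all three files from a handful of site parameters and then checks that they agree with each other and that psk.txt has safe permissions. Writing into a scratch directory is an assumption made here so that it can be dry-run as an ordinary user; run it with OUTDIR set to /etc as root to install for real. The key generator and the return codes of check_vpn_config are this example's own conventions, not anything from racoon.

```bash
#!/bin/bash
# Added example (not from the original post): render ipsec-tools.conf,
# racoon.conf and psk.txt for the Debian side from site parameters and
# sanity-check the result. OUTDIR is an assumption of this script so that
# it can be dry-run; use /etc to install.

# Generate a pre-shared key: 32 random bytes as 64 hex characters. Aggressive
# mode exposes a hash of this key to the network, so it must not be guessable.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_vpn_config OUTDIR PEER_ADDR LOCAL_ADDR PEER_NET LOCAL_NET MY_ID PSK
#   PEER_ADDR  public address of the Watchguard ("remote" in racoon.conf)
#   LOCAL_ADDR address of this Debian box that terminates the tunnel
#   PEER_NET   network behind the Watchguard; LOCAL_NET network behind this box
#   MY_ID      user_fqdn this box presents; PSK the shared key
write_vpn_config() {
    local outdir=$1 peer=$2 me=$3 peer_net=$4 local_net=$5 my_id=$6 psk=$7

    mkdir -p "$outdir/racoon"

    # SPD: the "in" policy is peer_net -> local_net tunnelled peer -> me,
    # the "out" policy is its mirror image. flush/spdflush make reloads clean.
    cat > "$outdir/ipsec-tools.conf" <<EOF
#!/usr/sbin/setkey -f
flush;
spdflush;

spdadd $peer_net $local_net any -P in ipsec
           esp/tunnel/$peer-$me/require;
spdadd $local_net $peer_net any -P out ipsec
           esp/tunnel/$me-$peer/require;
EOF

    # Same phase 1 / phase 2 parameters as the hand-written racoon.conf.
    cat > "$outdir/racoon/racoon.conf" <<EOF
path pre_shared_key "$outdir/racoon/psk.txt";

remote $peer {
        exchange_mode aggressive,main;
        dpd_delay 20;
        dpd_maxfail 5;
        my_identifier user_fqdn "$my_id";
        proposal {
                lifetime time 28800 second;
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo address $local_net any address $peer_net any {
        lifetime time 28800 second;
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
EOF

    # psk.txt is keyed by the identity the peer presents (its address here).
    # racoon rejects a key file other users can read, so create it as 0600.
    (umask 077 && printf '%s %s\n' "$peer" "$psk" > "$outdir/racoon/psk.txt")
    chmod 600 "$outdir/racoon/psk.txt"
}

# check_vpn_config OUTDIR: 0 if the three files agree, otherwise
#   1 = psk.txt is not mode 0600
#   2 = peer address in psk.txt differs from the remote block in racoon.conf
#   3 = the SPD tunnel endpoints do not use that peer address
check_vpn_config() {
    local outdir=$1 peer_psk peer_remote
    [ "$(stat -c '%a' "$outdir/racoon/psk.txt")" = "600" ] || return 1
    peer_psk=$(awk '{print $1; exit}' "$outdir/racoon/psk.txt")
    peer_remote=$(sed -n 's/^remote \([^ ]*\) {.*/\1/p' "$outdir/racoon/racoon.conf")
    [ -n "$peer_remote" ] && [ "$peer_psk" = "$peer_remote" ] || return 2
    grep -q "esp/tunnel/$peer_remote-[0-9.]*/require" "$outdir/ipsec-tools.conf" || return 3
    return 0
}
```

After installing the files, load the policies with "setkey -f /etc/ipsec-tools.conf", restart racoon, and send some traffic from 10.0.2.0/24 towards 10.0.1.0/24 to trigger negotiation; "racoonctl show-sa isakmp" should then list the phase 1 SA with 99.99.99.99 and "setkey -D" the two ESP SAs whose outer addresses match the tunnel endpoints in the SPD.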

Watchguard side

I have simply taken screenshots of the configuration on the Watchguard side:


You will need to ensure that the pre-shared key is the same as the one you put in /etc/racoon/psk.txt above. The branch office gateway and tunnel you create on the Watchguard must also match the racoon settings line for line, otherwise the proposals will be rejected:

Gateway: remote endpoint with a dynamic IP address, identified by the user FQDN something@company.com (the my_identifier value); the Watchguard's own ID is its IP address 99.99.99.99.
Phase 1: aggressive mode, 3DES, SHA1, Diffie-Hellman group 2 (modp1024), pre-shared key authentication, 8 hour (28800 second) lifetime, dead peer detection enabled.
Tunnel: local network 10.0.1.0/24, remote network 10.0.2.0/24.
Phase 2: ESP with 3DES and SHA1, PFS enabled with Diffie-Hellman group 2, 8 hour lifetime.