Here is a short description of how to configure FreeS/WAN to work with ipsec_tunnel using triple DES encryption. FreeS/WAN needs to know the next-hop IP addresses (the routers), so the ipsec_tunnel example must be extended somewhat. Let us say that the network structure looks like this:
10.0.1.0/24===1.2.3.4---1.2.3.1...5.6.7.1---5.6.7.8===10.0.2.0/24
Put the following in the FreeS/WAN configuration file:
config setup
    interfaces=%defaultroute
    uniqueids=yes
    manualstart="3des-test"

conn 3des-test
    spi=0x1000
    esp=3des
    left=1.2.3.4
    leftsubnet=10.0.1.0/24
    leftnexthop=1.2.3.1
    right=5.6.7.8
    rightnexthop=5.6.7.1
    rightsubnet=10.0.2.0/24
    auto=ignore
    espenckey=0x12345678abcdef... # This is the key, in ascii format.
The line manualstart="3des-test" makes the connection start automatically when the FreeS/WAN ipsec service is started. If you want to control the connection manually, remove that line and type this command to start the connection:
ipsec manual --up 3des-test
If you want to remove the connection, type:
ipsec manual --down 3des-test
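
With manual keying, nothing negotiates or validates the espenckey value from the configuration above, so it is worth checking before the connection is brought up. The following Python check is an added example, not part of the original page or of FreeS/WAN: it parses a conn section and verifies that a hex espenckey holds the 192 bits a 3DES key occupies and that its three DES subkeys differ. The function names, the sample key and the acceptance of "_" separators inside the hex value are assumptions of this example.

```python
import re

# Constructed sample in the page's layout; the key is a made-up test value.
SAMPLE = """\
conn 3des-test
    spi=0x1000
    esp=3des
    espenckey=0x0123456789abcdef_23456789abcdef01_456789abcdef0123  # constructed
"""

def parse_conn(text, name):
    """Return the parameters of the section 'conn <name>' as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            section = line.split()
        elif section == ["conn", name] and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip().strip('"')
    return params

def check_3des_key(params):
    """Return a list of problems found in the espenckey of an esp=3des conn."""
    key = params.get("espenckey", "")
    if not re.fullmatch(r"0x[0-9a-fA-F_]+", key):
        return ["espenckey is not a complete 0x-prefixed hex value"]
    digits = key[2:].replace("_", "")
    if len(digits) != 48:
        return [f"espenckey is {len(digits) * 4} bits, 3DES needs 192"]
    # DES ignores the low (parity) bit of each byte, so mask it before comparing.
    k = bytes(b & 0xFE for b in bytes.fromhex(digits))
    k1, k2, k3 = k[:8], k[8:16], k[16:]
    if k1 == k2 or k2 == k3:
        return ["adjacent subkeys are equal: encrypt-decrypt-encrypt collapses to single DES"]
    if k1 == k3:
        return ["K1 equals K3: two-key 3DES, 112 key bits instead of 168"]
    return []

if __name__ == "__main__":
    print(check_3des_key(parse_conn(SAMPLE, "3des-test")) or "espenckey looks well-formed")
```

The elided key shown in the configuration above is reported as incomplete, which is the expected result for a placeholder.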