-
Notifications
You must be signed in to change notification settings - Fork 213
Usingwhackdirectly
Paul Wouters (libreswan) edited this page Jun 12, 2018
·
2 revisions
Here is an example of using an embedded device on serial console with klips and eth0. This firmware has all ipsec binaries located in /bin/ and has a softlink from /etc/ipsec.secrets into /var/ (which is a ramfs mount)
It’s a nommu system, so no real fork() so we use no helpers. This is for a connection with PSK “test” between a.b.c.d and e.f.g.h
cd /bin pluto --nhelpers 0 --nofork & tncfg --attach --virtual ipsec0 --physical eth0 ifconfig eth0 a.b.c.d netmask 255.255.255.240 broadcast a.b.c.x up ifconfig ipsec0 a.b.c.d netmask 255.255.255.240 broadcast a.b.c.x up echo 'a.b.c.d e.f.g.h: PSK "test"' > /var/ipsec.secrets whack --listen whack --name test --ipv4 --psk --host a.b.c.d --to --host e.f.g.h whack --debug-all # if you want to be initiator and not responder, initiate with line below whack --initiate --name test