A Perl script for configuring and starting racoon

Apr 01, '03 09:28:00AM

Contributed by: jreades

A client of mine has several IPSec-compatible VPN appliances protecting access to their data centre and internal networks. I knew the appliances were compatible with racoon (the built-in firewall on OSX) but had a lot of trouble figuring out how to configure the various files properly and didn't really want to cough up $100+ for VPNTracker (a fine GUI, but the single connection is rather limiting and the price was a little steep for me).

I also got really tired of creating a new racoon.conf file for each and every IP address that my machine obtained as I moved around, so I wanted to create a simple configuration script that would take all of the work out of getting connected and simply generate the relevant config files and start up racoon.

The referenced scripts/modules will hopefully allow you to concentrate on working with your sysadmins to get the server-side configured properly rather than wondering how on earth to get started with the racoon.conf file.

There are three files:

[robg adds: Read the rest of the hint for more info on these scripts; I have not tested these...]

With luck, the only file you'll need to adjust is Profile.pm which contains the connection profiles for every network that you want to connect with. The syntax is fairly simple: key => val and it supports nested arrays and hashes.

Here's how it works:

Note that this script assumes that all VPN 'servers' will use the same PFS Group, DH Group, Encryption, Authentication, and Hashing protocols. If you are connecting to multiple companies' VPNs this probably will not be true, but supporting that is a quick hack to the Profiles.pm and Templates.pm files.
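To make the key => val profile idea concrete, and to show how the per-company caveat above can be handled, here is an added example that is not jreades' Profile.pm or Templates.pm and does not reproduce their layout. It is a single self-contained script: a profile hash in which every gateway carries its own phase 1 (IKE) and phase 2 (IPsec SA) parameters, and a renderer that emits a racoon.conf for the chosen profile and the laptop's current address, so moving to a new IP means re-running the script rather than editing the file by hand. The hash keys (gateway, remote_net, psk_file, phase1, phase2 and their sub-keys) are invented for this example, the addresses and networks are constructed placeholders, and the output follows the standard racoon.conf `remote` / `sainfo` syntax used by racoon, the IKE key-management daemon that OS X ships with.

```perl
#!/usr/bin/perl
# Added example (not jreades' code): per-network profiles plus a racoon.conf
# generator. Hash keys are invented for this example; all addresses, networks
# and file paths are constructed placeholders.
use strict;
use warnings;

# One entry per VPN gateway. Keeping the IKE/IPsec proposal inside each
# profile lets gateways from different companies use different DH/PFS groups
# and algorithms instead of one global setting.
my %profiles = (
    'datacentre' => {
        gateway    => '203.0.113.1',        # constructed IKE peer address
        remote_net => '10.10.0.0/16',       # constructed network behind it
        psk_file   => '/etc/racoon/psk.txt',
        phase1     => { exchange => 'main', enc => '3des', hash => 'sha1',
                        dh_group => 2, auth => 'pre_shared_key' },
        phase2     => { pfs_group => 2, enc => '3des', auth => 'hmac_sha1' },
    },
    'partner' => {
        gateway    => '198.51.100.7',       # constructed IKE peer address
        remote_net => '172.16.0.0/12',      # constructed network behind it
        psk_file   => '/etc/racoon/psk.txt',
        phase1     => { exchange => 'main', enc => 'aes', hash => 'sha1',
                        dh_group => 5, auth => 'pre_shared_key' },
        phase2     => { pfs_group => 5, enc => 'aes', auth => 'hmac_sha1' },
    },
);

# Render the racoon.conf text for one profile and the current local address.
# Phase 1 settings go into the 'remote' block, phase 2 settings into 'sainfo'.
sub render_racoon_conf {
    my ($name, $local_ip) = @_;
    my $p = $profiles{$name}
        or die "no profile named '$name'\n";
    my ($p1, $p2) = ($p->{phase1}, $p->{phase2});

    return <<"CONF";
# generated for profile '$name' with local address $local_ip
path pre_shared_key "$p->{psk_file}";

remote $p->{gateway} {
    exchange_mode $p1->{exchange};
    proposal {
        encryption_algorithm $p1->{enc};
        hash_algorithm $p1->{hash};
        authentication_method $p1->{auth};
        dh_group $p1->{dh_group};
    }
}

sainfo address $local_ip/32 any address $p->{remote_net} any {
    pfs_group $p2->{pfs_group};
    encryption_algorithm $p2->{enc};
    authentication_algorithm $p2->{auth};
    compression_algorithm deflate;
}
CONF
}

# Usage: racoon-gen.pl <profile> <local-ip> > /etc/racoon/racoon.conf
my ($name, $local_ip) = @ARGV;
die "usage: $0 <profile> <local-ip>\n"
    unless defined $name && defined $local_ip;
die "'$local_ip' is not a dotted-quad IPv4 address\n"
    unless $local_ip =~ /^(?:\d{1,3}\.){3}\d{1,3}$/;
print render_racoon_conf($name, $local_ip);
```

The generated file is written to standard output on purpose: you can inspect it before copying it into place, and a profile that is missing a key fails at render time rather than producing a racoon.conf that silently negotiates a weaker proposal than intended. The psk.txt file referenced by `path pre_shared_key` still has to be created separately and kept readable only by root, since it holds the shared secret for each gateway.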

HTH.

P.S. You're on your own for configuring the server-side, I'm afraid, since every VPN is different and not all appliances are IPSec-compatible.



Mac OS X Hints
http://hints.macworld.com/article.php?story=20030329101347638