A Perl script for configuring and starting racoon
Authored by: jreades on Mar 11, '04 06:47:34AM

I've updated the code to properly handle certificates as well (thanks to Todd for doing the heavy lifting of figuring out *how* certs work in racoon and how to generate them). There is some documentation in the Profiles.pm file on how to generate certs for a VPN-1.

As well, the script has been substantially re-written to improve a number of aspects:

1. Each connection now has its SA and Profile details in the same section of the racoon.conf file (no more scrolling back and forth to check settings)

2. You can now override almost *any* setting (and hopefully all of the important ones) on a per-network basis -- so a mixed environment where some connections use certs and others private shared keys should work smoothly.

3. A lot more parameters are now configurable from the Profiles.pm file (see '2')

4. It will now automatically generate a psk.txt file from the connections you've defined. Note that each time you run configure, if the psk.txt file already exists it will first copy the existing file to psk.txt.bak and then write the new one. This happens every time, so you *should* create a backup of your psk.txt file before starting to use my script in case there are settings that you should have put in your Profiles.pm file.

5. It will now chown and chmod the output dir -- all files in the output dir will be chowned to root:wheel, and chmodded to 600, all dirs will also be chowned and then chmodded to 700. This is for your own protection (i.e. anyone who steals your Profiles.pm file would be able to access any of your private networks). I strongly recommend placing the Profiles.pm file in /etc/racoon, and it wouldn't hurt to put the vpn.pl and Templates.pm file there as well for safety.

6. The default behaviour of the script is now to restart racoon. This is the most likely need from day-to-day, so now you can simply run `sudo vpn.pl` and it'll kill racoon, rerun the interfaces shell script, and then restart racoon for you.

7. The default input and output directories for the script are /etc/racoon/. You can still override this by passing in your own params, but in the normal course of things there'd be no reason to do this.

Hope this helps. I'm also working on a Konfabulator widget as a front-end to the Perl script but am trying to deal with some issues around protecting the connection parameters from casual access.

The files are still available to download from here: http://www.reades.com/hints/vpn.html (although I need to update the content of the HTML page)

Cheers,

jon


