howto/IPsecWithPublicKeys/RacoonExample

• Home
  • Getting Started
  • Registry Authentication
  • Address Space
  • FAQ

• How-To

  • Wireguard
  • Openvpn
  • IPsec With Public Keys
  • Tinc
  • GRE on FreeBSD
  • GRE on OpenBSD
  • IPv6 Multicast (PIM-SM)
  • Bird / Bird2
  • Quagga
  • OpenBGPD
  • Mikrotik RouterOS
  • EdgeRouter
  • Static routes on Windows
  • Universal Network Requirements
  • VyOS

• Services

  • IRC
  • Whois registry
  • DNS
  • Public DNS
  • Looking Glasses
  • Repository Mirrors
  • Distributed Wiki
  • Certificate Authority
  • Route Collector

• Internal

  • Internal services
  • Interconnections
  • APIs
  • Historical services

• External Tools

  • Paste Board
  • Git Repositories

---

Quote from #dn42: hexa: nobody runs racoon on their free will :).

See also strongswan

The keys are generated with plainrsa-gen.

Usage: plainrsa-gen [options]

  -b bits       Generate <bits> long RSA key (default=1024)
  -e pubexp     Public exponent to use (default=0x3)
  -f filename   Filename to store the key to (default=stdout)
  -i filename   Input source for format conversion
  -h            Help

I'd probably go with 4096 bits.

in your racoon.conf:

path certificate "/etc/racoon/keys";

listen {
  isakmp 192.168.255.1[500];
}

remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}

Se also

debian specific configuration

Hosted by: xuu, nurtic-vibe, toBee, burble | Accessible via: dn42, tor, i2p