howto/IPsecWithPublicKeys/RacoonExample

  • Search
  • Home
  • All
  • Files
  • History
  • Latest Changes
Site Links
  • Home
    • Getting started
    • FAQ
  • How-to

    • Openvpn
    • Tinc
    • Wireguard
    • Bird
    • Quagga
    • IPsec With Public Keys
    • Email
    • GRE on FreeBSD
    • Mikrotik RouterOS
    • EdgeRouter
  • Services

    • IRC
    • Whois registry
    • Hierarchical-DNS
    • DNS
    • Looking Glasses
    • Exchanges
    • Shell
    • Virtual Machines
    • Repository Mirrors
    • Distributed Wiki
    • Certificate Authority
    • Tahoe-LAFS
  • Internal

    • Internal services
  • External Tools

    • Paste Board
    • Git Repositories

Table of Contents
    • Se also

dn42

Quote from #dn42: hexa: nobody runs racoon on their free will :).

See also strongswan

The keys are generated with plainrsa-gen.

Usage: plainrsa-gen [options]

  -b bits       Generate <bits> long RSA key (default=1024)
  -e pubexp     Public exponent to use (default=0x3)
  -f filename   Filename to store the key to (default=stdout)
  -i filename   Input source for format conversion
  -h            Help
I'd probably go with 4096 bits.

in your racoon.conf:

path certificate "/etc/racoon/keys";

listen {
  isakmp 192.168.255.1[500];
}

remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}

Se also

debian specific configuration

Hosted by: xuu, nurtic-vibe, siska, toBee, Mic92 | Accessible via: dn42, tor, i2p

Last edited by Mic92, 2016-02-25 21:51:34