howto/IPsecWithPublicKeys/RacoonExample


Quote from #dn42: hexa: nobody runs racoon on their free will :).

See also strongswan

The keys are generated with plainrsa-gen.

Usage: plainrsa-gen [options]

  -b bits       Generate <bits> long RSA key (default=1024)
  -e pubexp     Public exponent to use (default=0x3)
  -f filename   Filename to store the key to (default=stdout)
  -i filename   Input source for format conversion
  -h            Help
I'd probably go with 4096 bits.

In your racoon.conf:

path certificate "/etc/racoon/keys";

listen {
  isakmp 192.168.255.1[500];
}

remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}
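The following is an added example, not part of the original wiki page or of ipsec-tools: a small Python parser for the racoon.conf block syntax shown above that reports weak phase 1 proposal settings per peer. The names `parse`, `audit` and `WEAK` are hypothetical, and the set of values treated as too weak is an assumed local policy, not something the page states.

```python
import re
# Constructed input: the remote section of the racoon.conf shown above.
SAMPLE = """remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}
"""
# Assumed local policy (not from the page): values treated as too weak.
WEAK = {"dh_group": {"modp768", "modp1024"}, "hash_algorithm": {"md5", "sha1"},
        "encryption_algorithm": {"des", "3des"}}

def parse(text):
    """Return nested [(words, children_or_None), ...] for statements and blocks."""
    # Drop '#' comments, then split into quoted strings, braces, ';' and words.
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', re.sub(r"#.*", "", text)))
    def block():
        items, words = [], []
        for tok in tokens:
            if tok == "}":
                break
            if tok == "{":
                items.append((words, block()))  # nested block, e.g. proposal
                words = []
            elif tok == ";":
                items += [(words, None)] if words else []
                words = []
            else:
                words.append(tok)
        return items
    return block()

def audit(text):
    """List (peer, directive, value) for each weak phase 1 proposal setting."""
    findings = []
    for words, body in parse(text):
        if words[:1] == ["remote"]:
            for pwords, pbody in body or []:
                if pwords == ["proposal"]:
                    for stmt, _ in pbody or []:
                        if len(stmt) >= 2 and stmt[1] in WEAK.get(stmt[0], ()):
                            findings.append((" ".join(words[1:]), stmt[0], stmt[1]))
    return findings
```

Run against the configuration above, `audit` reports `dh_group modp1024` for peer 192.168.255.2. A stronger group has to be configured on both peers for phase 1 to complete.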

See also

Debian-specific configuration


Last edited by Mic92, 2016-02-25 20:51:34