HP-UX IPSec Version A.03.00 Administrator's Guide

Linux
HP-UX IPSec can interoperate with Linux IPsec.
Version and Functionalities
HP tested HP-UX IPSec with Linux IPsec functionality provided by ipsec-tools version 0.7, which
is included with Linux kernel versions 2.6 and later.
The following functionalities were tested:
• IKEv1 using preshared key authentication for end-to-end transport mode IPsec SAs for all
  ports and protocols
• IKEv1 using preshared key authentication for end-to-end tunnel mode IPsec SAs for all
  ports and protocols
Configuration Example
The following configuration data is for an IKEv1 topology using preshared key authentication
for end-to-end transport mode IPsec SAs.
The Linux 2.6 system IP address is 10.0.0.26. The HP-UX system IP address is 10.0.0.11.
For added security, this example uses SHA1 as the IKEv1 hash algorithm. The HP-UX default
IKEv1 hash algorithm is MD5. You must explicitly configure SHA1 as the IKEv1 hash algorithm
on the HP-UX system.
HP-UX IPSec Configuration
The ipsec_config commands used on the HP-UX system are as follows:
# ipsec_config add host linux \
    -src 10.0.0.11 -dst 10.0.0.26 \
    -action ESP_AES128_HMAC_SHA1
# ipsec_config add auth linux -remote 10.0.0.26 \
    -psk myKey26
# ipsec_config add ikev1 linux -remote 10.0.0.26 \
    -hash SHA1
Linux Configuration
The Linux configuration uses the following files:
• a file containing arguments for the setkey utility
• the racoon.conf configuration file for the racoon daemon
• the psk.txt file, which contains the preshared key
setkey Argument File
The following file is used with the setkey utility to add entries to the security policy database
for the IPsec SAs with the HP-UX system:
spdadd 10.0.0.26 10.0.0.11 any -P out ipsec
    esp/transport//require;
spdadd 10.0.0.11 10.0.0.26 any -P in ipsec
    esp/transport//require;
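The two spdadd entries must mirror each other, and both must use a level that enforces IPsec, or traffic in one direction is dropped or sent unprotected. The following Python check of a setkey argument file is an added example, not part of the HP guide; the function names parse_policies and check_spd are hypothetical, and it assumes one esp or ah rule per policy.

```python
import re

# The setkey argument file from this page (the Linux host is 10.0.0.26).
SETKEY_FILE = """\
spdadd 10.0.0.26 10.0.0.11 any -P out ipsec
    esp/transport//require;
spdadd 10.0.0.11 10.0.0.26 any -P in ipsec
    esp/transport//require;
"""

# One spdadd statement with a single esp/ah rule (setkey also allows several).
SPDADD = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"(?P<sec>esp|ah)/(?P<mode>transport|tunnel)/[^/\s]*/(?P<level>\w+)\s*;"
)

def parse_policies(text):
    """Return one dict per 'spdadd ... -P in|out ipsec <rule>;' statement."""
    text = re.sub(r"#.*", "", text)  # strip setkey comments
    return [m.groupdict() for m in SPDADD.finditer(text)]

def check_spd(policies, local_ip):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    by_key = {(p["dir"], p["src"], p["dst"], p["proto"]): p for p in policies}
    for (direction, src, dst, proto), pol in by_key.items():
        label = f"{direction} policy {src} -> {dst}"
        # Outbound traffic leaves from the local address, inbound arrives at it.
        if (src if direction == "out" else dst) != local_ip:
            problems.append(f"{label}: direction does not match local address {local_ip}")
        # Every policy needs its mirror image in the opposite direction.
        other = "in" if direction == "out" else "out"
        mirror = by_key.get((other, dst, src, proto))
        if mirror is None:
            problems.append(f"{label}: no matching '{other}' policy")
        elif any(mirror[k] != pol[k] for k in ("sec", "mode", "level")):
            problems.append(f"{label}: rule differs from its '{other}' mirror")
        # Level 'use' lets packets through unprotected when no SA exists.
        if pol["level"] not in ("require", "unique"):
            problems.append(f"{label}: level '{pol['level']}' does not enforce IPsec")
    return problems

if __name__ == "__main__":
    result = check_spd(parse_policies(SETKEY_FILE), "10.0.0.26")
    print("\n".join(result) or "SPD pair is consistent")
```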
racoon.conf File
The following file is used as the configuration file for the racoon ISAKMP (IKE) daemon. It
specifies the parameters for the IKEv1 SAs with the HP-UX system.