HP-UX IPSec Version A.03.00 Administrator's Guide
NOTE: A compression_algorithm statement is required even though IP compression is
not used (HP-UX IPSec does not support IP compression).
############## racoon.conf configuration file
# see racoon.conf(5)
# start racoon with racoon -F -f this_file
path pre_shared_key "/root/linux-native-racoon/psk_xport_1/psk.txt";
remote 10.0.0.11 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}
sainfo address 10.0.0.26 any address 10.0.0.11 any {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    ##############################
    # compression_algorithm is required in sainfo
    # even if compression is not enabled in the SPD
    compression_algorithm deflate;
}
psk.txt File
The path for the preshared key file is specified by the path pre_shared_key directive in the
racoon.conf file. In this example, the preshared key file is
/root/linux-native-racoon/psk_xport_1/psk.txt. The contents are as follows:
################## preshared key file (psk.txt)
10.0.0.11 myKey26
Tips
The following tips might help you configure HP-UX IPSec and Linux implementations:
• HP-UX IPSec does not support IP compression.
Do not specify the protocol ipcomp or the -C option in spdadd operations.
The syntax for the sainfo entry in the racoon.conf requires a compression_algorithm
statement even though IP compression is not used with HP-UX peers.
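The following pre-flight check is an added example, not part of the HP guide: it flags sainfo blocks in a Linux racoon.conf that lack a compression_algorithm statement, and spdadd statements that specify the ipcomp protocol or the -C option. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the guide): the first sainfo block has
# its compression_algorithm commented out, the second spdadd asks for IPComp.
SAMPLE_RACOON_CONF = """\
sainfo address 10.0.0.26 any address 10.0.0.11 any {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    # compression_algorithm deflate;
}
sainfo address 10.0.0.26 any address 10.0.0.12 any {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
"""
SAMPLE_SETKEY_CONF = """\
spdadd 10.0.0.26 10.0.0.11 any -P out ipsec esp/transport//require;
spdadd 10.0.0.26 10.0.0.12 any -P out ipsec ipcomp/transport//use esp/transport//require;
"""

def strip_comments(text):
    """Drop '#' comments so commented-out statements are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def sainfo_missing_compression(conf):
    """Return the selector of every sainfo block lacking compression_algorithm."""
    missing = []
    for m in re.finditer(r"\bsainfo\s+([^{]*?)\s*\{([^}]*)\}", strip_comments(conf)):
        selector, body = m.group(1), m.group(2)
        if not re.search(r"\bcompression_algorithm\s+\w+\s*;", body):
            missing.append(" ".join(selector.split()))
    return missing

def spd_rules_using_ipcomp(setkey_conf):
    """Return spdadd statements that use ipcomp or -C (unsupported by HP-UX IPSec)."""
    hits = []
    for stmt in strip_comments(setkey_conf).split(";"):
        stmt = " ".join(stmt.split())
        if stmt.startswith("spdadd") and re.search(r"\bipcomp/|\s-C(\s|$)", stmt):
            hits.append(stmt)
    return hits

if __name__ == "__main__":
    for sel in sainfo_missing_compression(SAMPLE_RACOON_CONF):
        print("sainfo without compression_algorithm:", sel)
    for rule in spd_rules_using_ipcomp(SAMPLE_SETKEY_CONF):
        print("spdadd uses IP compression:", rule)
```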