HP-UX IPSec Version A.03.00 Administrator's Guide

FreeBSD
HP-UX IPSec can interoperate with FreeBSD IPsec implementations.
Version and Functionalities
HP tested with the FreeBSD 6.3 release using IPsec functionality provided by the Racoon2
20090218 CVS build.
The following functionalities were tested:
IKEv1 using preshared key authentication for end-to-end transport mode IPsec SAs for all
ports and protocols
IKEv1 using RSA signature (certificates) authentication for end-to-end transport mode IPsec
SAs for all ports and protocols
IKEv1 using preshared key authentication for end-to-end tunnel mode IPsec SAs for all
ports and protocols
IKEv2 using preshared key authentication for end-to-end transport mode IPsec SAs for all
ports and protocols
NOTE: Tests of IKEv2 using RSA signature (certificate) authentication failed. The Racoon2
implementation does not support the IKEv2 CERTREQ payload, so the peers cannot exchange certificates.
Configuration Example: IKEv1 Using Preshared Keys
The following configuration data is for an IKEv1 topology using preshared keys for end-to-end
IPsec SAs.
The address of the FreeBSD 6.3 system is 10.0.0.63. The address of the HP-UX system is 10.0.0.11.
HP-UX IPSec Configuration
The ipsec_config batch file contains the following entries:
add host Bsd63 \
-src 10.0.0.11 -dst 10.0.0.63 -protocol all \
-action ESP_AES128_HMAC_SHA1
# Note: the lifetime must match the BSD value
add ikev1 Bsd63 -rem 10.0.0.63 \
-group 2 -hash sha1 -enc 3des -life 600
add auth Bsd63Psk -rem 10.0.0.63 \
-kmp IKEV1 -psk myKey63
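The comment in the batch file above is the important interoperability point: the IKE SA parameters on the HP-UX side (-group, -hash, -enc, -life) and the preshared key must be mirrored exactly on the Racoon2 side, and the -rem address of the ikev1 and auth entries must be the -dst address of the host entry. The following added example (not part of the HP-UX IPSec guide or the ipsec_config tool) parses a batch file with the three entry forms shown above, cross-checks those relationships, and prints the parameter set the peer has to match. The DH group number is translated to the RFC 2409 MODP name (group 2 is modp1024) because that is how most other IKE daemons name it. The minimum PSK length, the parsing rules (backslash continuation, '#' comments, '-flag value' options) and the assumption that -life is in seconds are the example's own, as is the random_psk helper for replacing a placeholder key such as myKey63.

```python
"""Parse an HP-UX ipsec_config batch file and cross-check its IKEv1/PSK entries.

Added example; it is not part of the HP-UX IPSec guide or of ipsec_config.
Assumed: only the 'add host', 'add ikev1' and 'add auth' forms shown in the
guide, with '-flag value' options, '#' comments and backslash continuations.
"""
import secrets
import shlex
import string

# Constructed sample: the batch file from the guide, PSK placeholder included.
SAMPLE_BATCH = """\
add host Bsd63 \\
    -src 10.0.0.11 -dst 10.0.0.63 -protocol all \\
    -action ESP_AES128_HMAC_SHA1
# Note: the lifetime must match the BSD value
add ikev1 Bsd63 -rem 10.0.0.63 \\
    -group 2 -hash sha1 -enc 3des -life 600
add auth Bsd63Psk -rem 10.0.0.63 \\
    -kmp IKEV1 -psk myKey63
"""

# IKEv1 DH group numbers (RFC 2409 / IANA) and the MODP names other IKE daemons use.
DH_GROUP_NAMES = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}

MIN_PSK_LEN = 20  # assumed local policy, not an HP-UX or Racoon2 requirement


def join_continuations(text):
    """Join backslash-continued lines and drop comment and blank lines."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf.strip())
    return logical


def parse_batch(text):
    """Return a list of {'kind': ..., 'name': ..., 'opts': {flag: value}} records."""
    records = []
    for line in join_continuations(text):
        tokens = shlex.split(line)
        if len(tokens) < 3 or tokens[0] != "add":
            raise ValueError("unsupported line: %r" % line)
        kind, name, opts = tokens[1], tokens[2], {}
        it = iter(tokens[3:])
        for tok in it:
            if not tok.startswith("-"):
                raise ValueError("expected -flag, got %r in %r" % (tok, line))
            opts[tok[1:]] = next(it, "")
        records.append({"kind": kind, "name": name, "opts": opts})
    return records


def check_batch(records):
    """Cross-check the records; return (parameters the peer must match, findings)."""
    findings, by_kind = [], {}
    for r in records:
        by_kind.setdefault(r["kind"], []).append(r)
    hosts, ikes, auths = (by_kind.get(k, []) for k in ("host", "ikev1", "auth"))
    if not (hosts and ikes and auths):
        return {}, ["need at least one host, ikev1 and auth entry"]
    host, ike, auth = hosts[0], ikes[0], auths[0]
    peer = host["opts"].get("dst")
    # The IKE and auth entries must point at the same peer as the host policy.
    for r in (ike, auth):
        if r["opts"].get("rem") != peer:
            findings.append("%s %s: -rem %s does not match host -dst %s"
                            % (r["kind"], r["name"], r["opts"].get("rem"), peer))
    if auth["opts"].get("kmp", "").upper() != "IKEV1":
        findings.append("auth %s: -kmp is not IKEV1" % auth["name"])
    if len(auth["opts"].get("psk", "")) < MIN_PSK_LEN:
        findings.append("auth %s: preshared key shorter than %d characters"
                        % (auth["name"], MIN_PSK_LEN))
    group = int(ike["opts"].get("group", "0"))
    if group not in DH_GROUP_NAMES:
        findings.append("ikev1 %s: unknown DH group %d" % (ike["name"], group))
    if "life" not in ike["opts"]:
        findings.append("ikev1 %s: no -life, so the peer lifetime cannot be matched" % ike["name"])
    peer_params = {
        "peer": peer,
        "dh_group": DH_GROUP_NAMES.get(group, "group%d" % group),
        "hash": ike["opts"].get("hash"),
        "enc": ike["opts"].get("enc"),
        "lifetime": int(ike["opts"].get("life", "0")),  # assumed to be seconds
        "ipsec_action": host["opts"].get("action"),
    }
    return peer_params, findings


def random_psk(length=32):
    """Generate a replacement PSK from a CSPRNG; letters and digits only, so no quoting is needed."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    params, findings = check_batch(parse_batch(SAMPLE_BATCH))
    for key, value in params.items():
        print("%-13s %s" % (key, value))
    for finding in findings:
        print("WARNING:", finding)
```

Run against the batch file above, the script reports the peer parameters (modp1024, sha1, 3des, lifetime 600, ESP_AES128_HMAC_SHA1) and flags the placeholder key myKey63 as too short under the example's assumed policy; a production deployment would use a key such as the one random_psk returns on both peers.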
Racoon2 Configuration
The following Racoon2 configuration files are located in the /usr/local/racoon2/etc/
racoon directory (the include paths inside the files themselves refer to
/usr/local/racoon2/etc/racoon2/; use whichever directory your Racoon2 build installed):
racoon2.conf
transport_ike.conf
vals.conf
default.conf
test.psk (in the /usr/local/racoon2/etc/racoon/psk subdirectory)
racoon2.conf File
The contents of the racoon2.conf file are as follows:
#########################
## /usr/local/racoon2/etc/racoon2/racoon2.conf
include "/usr/local/racoon2/etc/racoon2/vals.conf";