HP-UX IPSec Version A.03.00 Administrator's Guide
vals.conf File
The relevant sections of the vals.conf file are as follows:
## /usr/local/racoon2/etc/racoon2/vals.conf
setval {
# Preshared key file directory : specify to use preshared keys
PSKDIR "/usr/local/racoon2/etc/racoon2/psk";
# Preshared Key file name
# You can generate it by pskgen.
PRESHRD_KEY "test.psk";
:
:
### Transport Mode Settings ###
# Your IP Address
MY_IPADDRESS "10.0.0.63";
# Peer's IP Address
PEERS_IPADDRESS "10.0.0.11";
:
:
}
default.conf File
The default.conf file installed with Racoon2 is used without modifications.
test.psk File
The /usr/local/racoon2/etc/racoon2/psk/test.psk key file contains the ASCII
preshared key value.
myKey63
Configuration Example: IKEv1 Using RSA Signatures
The following configuration data is for an IKEv1 topology using preshared keys for end-to-end
IPsec SAs.
Both systems use X.500 DNs for IKE IDs. The local ID value on the BSD system does not need
to be explicitly configured; the IKE daemon gets the value from its certificate.
The address for the FreeBSD 6.3 system is 10.0.0.64. The address for the HP-UX system is 10.0.0.11.
HP-UX IPSec Configuration
The ipsec_config batch file contains the following entries:
add host Bsd64 \
-src 10.0.0.11 -dst 10.0.0.64 -protocol all \
-action ESP_AES128_HMAC_SHA1
# Note: the lifetime must match the BSD value
add ikev1 Bsd64 -rem 10.0.0.64 \
-group 2 -hash sha1 -enc 3des -life 600
add auth Bsd64RSA -rem 10.0.0.64 \
-kmp IKEv1 -local_method RSASIG \
-rtype X500-DN -rid CN=BsdSys64 \
-ltype X500-DN -lid CN=HPSys11
The remote ID (rid) value matches the subjectName field in the BSD system certificate. The local
ID (lid) value is optional; when the local ID type (ltype) is X500-DN, ipsec_config overwrites
any specified value with the subjectName field from the local system certificate.
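Because the two peers are configured independently (racoon2 vals.conf on the BSD side, the ipsec_config batch file on HP-UX), the most common interoperability failure is simply an address that disagrees between the two files. The following added example, which is not part of the HP-UX guide or of Racoon2, parses both formats and cross-checks that the HP-UX -src/-dst/-rem values are the mirror image of racoon2's MY_IPADDRESS and PEERS_IPADDRESS; the sample inputs are constructed from the page's entries, with a vals.conf assumed to use 10.0.0.64 for the RSA topology.

```python
import re

# Constructed samples modelled on the page's vals.conf setval block and
# ipsec_config batch file (not taken from a live system).
VALS_CONF_BSD64 = '''setval {
MY_IPADDRESS "10.0.0.64";
PEERS_IPADDRESS "10.0.0.11";
}'''
VALS_CONF_BSD63 = VALS_CONF_BSD64.replace("10.0.0.64", "10.0.0.63")
HPUX_BATCH = '''add host Bsd64 \\
-src 10.0.0.11 -dst 10.0.0.64 -protocol all \\
-action ESP_AES128_HMAC_SHA1
# Note: the lifetime must match the BSD value
add ikev1 Bsd64 -rem 10.0.0.64 \\
-group 2 -hash sha1 -enc 3des -life 600
add auth Bsd64RSA -rem 10.0.0.64 \\
-kmp IKEv1 -local_method RSASIG \\
-rtype X500-DN -rid CN=BsdSys64 \\
-ltype X500-DN -lid CN=HPSys11
'''

def parse_setval(text):
    """Return {NAME: value} for each NAME "value"; line of a setval block."""
    return dict(re.findall(r'^\s*([A-Z_]+)\s+"([^"]*)"\s*;', text, re.M))

def parse_batch(text):
    """Return [{kind, name, opts}] for each ipsec_config 'add' command,
    joining backslash-continued lines and ignoring # comments."""
    cmds = []
    for line in re.sub(r'\\\s*\n', ' ', text).splitlines():
        tokens = line.split('#', 1)[0].split()
        if len(tokens) < 3 or tokens[0] != 'add':
            continue
        opts = {}
        for i in range(3, len(tokens), 2):  # -flag value pairs
            opts[tokens[i].lstrip('-')] = tokens[i + 1] if i + 1 < len(tokens) else None
        cmds.append({'kind': tokens[1], 'name': tokens[2], 'opts': opts})
    return cmds

def cross_check(vals, cmds):
    """HP-UX -src must equal racoon2's PEERS_IPADDRESS; -dst and -rem must
    equal racoon2's MY_IPADDRESS. Returns a list of mismatch descriptions."""
    hpux, bsd = vals.get('PEERS_IPADDRESS'), vals.get('MY_IPADDRESS')
    problems = []
    for c in cmds:
        o = c['opts']
        if c['kind'] == 'host' and o.get('src') != hpux:
            problems.append(f"{c['name']}: -src {o.get('src')} != PEERS_IPADDRESS {hpux}")
        for key in ('dst', 'rem'):
            if key in o and o[key] != bsd:
                problems.append(f"{c['name']}: -{key} {o[key]} != MY_IPADDRESS {bsd}")
    return problems
```

Running cross_check with VALS_CONF_BSD64 returns an empty list, while the page's 10.0.0.63 vals.conf against the Bsd64 batch file reports the three mismatched -dst/-rem values.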
194 Interoperability