HP-UX IPSec Version A.03.00 Administrator's Guide
Racoon2 Configuration
The following Racoon2 configuration files are located in the /usr/local/racoon2/etc/racoon directory.
• racoon2.conf
• transport_ike.conf
• vals.conf
• default.conf
Certificate Files
In this example, the following certificate-related files are located in the /usr/local/racoon2/etc/racoon/cert subdirectory:
• myPubKey.pem: the public key (certificate) for the local (FreeBSD) system
• myPvtKey.pem: the private key for the local (FreeBSD) system
• hpuxPeerPubKey.pem: the certificate for the peer (HP-UX) system
These files are manually installed by the administrator. The directory and file names are specified
in the vals.conf file.
racoon2.conf File
The racoon2.conf file has the same contents as the file used for IKEv1 with preshared keys.
See “racoon2.conf File” (page 192).
transport_ike.conf File
The transport_ike.conf file has the same contents as the file used for IKEv1 with preshared keys, as shown in “transport_ike.conf File” (page 193), except for the remote ike_trans_remote section. To use RSA signatures, the remote ike_trans_remote section has the following contents:
remote ike_trans_remote {
    acceptable_kmp { ikev1; };
    ikev1 {
        my_id x509_subject "${CERTDIR}/${MY_PUB_KEY}";
        peers_id x509_subject "${CERTDIR}/${PEERS_PUB_KEY}";
        peers_ipaddr "${PEERS_IPADDRESS}" port 500;
        kmp_enc_alg { 3des_cbc; };
        kmp_hash_alg { sha1; };
        kmp_dh_group { modp1024; };
        ## Use Certificate
        kmp_auth_method { rsasig; };
        my_public_key x509pem "${CERTDIR}/${MY_PUB_KEY}" "${CERTDIR}/${MY_PRI_KEY}";
        peers_public_key x509pem "${CERTDIR}/${PEERS_PUB_KEY}" "";
    };
    selector_index ike_trans_sel_in;
};
vals.conf File
The relevant sections of the vals.conf file are as follows:
## /usr/local/racoon2/etc/racoon2/vals.conf
setval {
    CERTDIR "/usr/local/racoon2/etc/racoon2/cert";
    # Your Public Key file name (certificate file)
    MY_PUB_KEY "myPubKey.pem";
    # Your Private Key file name
    MY_PRI_KEY "myPvtKey.pem";
    # Peer's Public Key file name
    # (certificate file)
    PEERS_PUB_KEY "hpuxPeerPubKey.pem";
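As an added example (not code from this guide or from the racoon2 project), the Python below parses the setval block of vals.conf, expands the ${NAME} references used in the transport_ike.conf excerpt, and audits the result: it reports referenced files that are missing, a private key readable by group or others, and an x509_subject identity file that differs from the certificate presented with my_public_key or peers_public_key. The sample configuration text is constructed inline from the excerpts on this page, and the function names are the example's own.

```python
"""Resolve and sanity-check the certificate references of a racoon2 RSA-signature setup:
parse the setval {} block of vals.conf, expand ${NAME} references, audit the paths."""
import os
import re

SETVAL_RE = re.compile(r'([A-Za-z_]\w*)\s+"([^"]*)"\s*;')
REF_RE = re.compile(r"\$\{(\w+)\}")
PATH_KEYS = ("my_id", "peers_id", "my_public_key", "peers_public_key")
# Constructed sample input, transcribed from the excerpts above (not read from disk).
VALS_CONF = """setval {
    CERTDIR "/usr/local/racoon2/etc/racoon2/cert";
    MY_PUB_KEY "myPubKey.pem";   # Your Public Key file name
    MY_PRI_KEY "myPvtKey.pem";   # Your Private Key file name
    PEERS_PUB_KEY "hpuxPeerPubKey.pem"; };"""
IKE_CONF = """ikev1 {
    my_id x509_subject "${CERTDIR}/${MY_PUB_KEY}";
    peers_id x509_subject "${CERTDIR}/${PEERS_PUB_KEY}";
    my_public_key x509pem "${CERTDIR}/${MY_PUB_KEY}" "${CERTDIR}/${MY_PRI_KEY}";
    peers_public_key x509pem "${CERTDIR}/${PEERS_PUB_KEY}" ""; };"""

def parse_setval(vals_conf):
    """Return {NAME: value} from the setval { ... } block; '#' starts a comment."""
    text = "\n".join(l.split("#", 1)[0] for l in vals_conf.splitlines())
    m = re.search(r"setval\s*{([^}]*)}", text)
    return dict(SETVAL_RE.findall(m.group(1))) if m else {}

def expand(text, vals):
    """Replace every ${NAME} with its setval value; an undefined NAME raises KeyError."""
    return REF_RE.sub(lambda m: vals[m.group(1)], text)

def resolve_paths(ike_conf, vals):
    """Map each path-carrying key of the ikev1 {} section to its expanded, non-empty arguments."""
    out = {}
    for raw in ike_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        key = line.split(None, 1)[0] if line else ""
        if key in PATH_KEYS:
            out[key] = [expand(q, vals) for q in re.findall(r'"([^"]*)"', line) if q]
    return out

def audit(paths):
    """Findings (empty = sane): missing files, a group/world-accessible private key, and an
    x509_subject identity certificate that is not the certificate actually presented."""
    bad = [f"{k}: missing file {f}" for k, fs in paths.items() for f in fs if not os.path.isfile(f)]
    pub = paths.get("my_public_key", [])  # second argument is the private key file
    if len(pub) == 2 and os.path.isfile(pub[1]) and os.stat(pub[1]).st_mode & 0o077:
        bad.append(f"private key {pub[1]} is group/world accessible")
    for idk, certk in (("my_id", "my_public_key"), ("peers_id", "peers_public_key")):
        if (paths.get(idk) or [None])[0] != (paths.get(certk) or [None])[0]:
            bad.append(f"{idk} and {certk} name different certificates")
    return bad
```

Run audit(resolve_paths(IKE_CONF, parse_setval(VALS_CONF))) on the FreeBSD system after installing the files; an empty list means every referenced file is present, the private key is owner-only, and the identities are taken from the certificates that are presented.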