HP-UX IPSec Version A.03.00 Administrator's Guide
peers_id ipaddr "${PEERS_IPADDRESS}";
peers_ipaddr "${PEERS_IPADDRESS}" port 500;
kmp_enc_alg { 3des_cbc; };
kmp_hash_alg { hmac_sha1; };
kmp_dh_group { modp1024; };
## Use Preshared Key
kmp_auth_method { psk; };
pre_shared_key "${PSKDIR}/${PRESHRD_KEY}";
};
selector_index ike_trans_sel_in; };
vals.conf File
The relevant sections of the vals.conf file are as follows:
## /usr/local/racoon2/etc/racoon2/vals.conf
setval {
# Preshared key file directory : specify to use preshared keys
PSKDIR "/usr/local/racoon2/etc/racoon2/psk";
# Preshared Key file name
# You can generate it by pskgen.
PRESHRD_KEY "test.psk";
:
:
### Transport Mode Settings ###
# Your IP Address
MY_IPADDRESS "10.0.0.65";
# Peer's IP Address
PEERS_IPADDRESS "10.0.0.11";
:
:
}
default.conf File
The default.conf file installed with Racoon2 is used without modifications.
test.psk File
The /usr/local/racoon2/etc/racoon2/psk/test.psk key file contains the ASCII
preshared key value.
myKey65
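The following check is an added example, not part of the HP guide or the Racoon2 distribution. It resolves the ${PSKDIR}/${PRESHRD_KEY} reference from vals.conf text and audits the key file it points to. The function names, the 20-byte minimum length, and the premise that the key file is read verbatim (so a trailing newline would have to match on the peer) are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# NAME "value"; entries inside setval { ... }; lines starting with # never match.
SETVAL_RE = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)\s+"([^"]*)"\s*;', re.M)
VAR_RE = re.compile(r'\$\{([A-Z_][A-Z0-9_]*)\}')

def parse_setval(text):
    """Return {NAME: value} for every setval entry in vals.conf text."""
    return dict(SETVAL_RE.findall(text))

def expand(value, values):
    """Expand ${NAME} references; an undefined name raises KeyError."""
    return VAR_RE.sub(lambda m: values[m.group(1)], value)

def audit_psk(path, min_len=20):
    """Return findings for a key file (min_len is this example's threshold)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the key" % mode)
    with open(path, "rb") as fh:
        key = fh.read()
    if key.endswith(b"\n"):
        findings.append("trailing newline: part of the key if read verbatim")
    size = len(key.rstrip(b"\r\n"))
    if size < min_len:
        findings.append("key is %d bytes, below %d" % (size, min_len))
    return findings

def demo():
    """Build a constructed vals.conf and key file in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as psk_dir:
        vals_conf = ('setval {\n# Preshared key file directory\n'
                     'PSKDIR "%s";\nPRESHRD_KEY "test.psk";\n}\n' % psk_dir)
        path = expand("${PSKDIR}/${PRESHRD_KEY}", parse_setval(vals_conf))
        with open(path, "wb") as fh:
            fh.write(b"myKey65\n")   # constructed: the page's key plus a newline
        os.chmod(path, 0o644)        # constructed: a permissive default mode
        return path.endswith("/test.psk"), audit_psk(path)

if __name__ == "__main__":
    resolved, findings = demo()
    for finding in findings:
        print("WARN:", finding)
```

On a real system, pass the contents of /usr/local/racoon2/etc/racoon2/vals.conf to parse_setval and call audit_psk on the expanded path.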
Tips
The following tips might help you configure HP-UX IPSec and FreeBSD IPsec implementations:
• The IKEv1 SA lifetime must match. On Racoon2 IPsec implementations, the IKEv1 SA lifetime
is 300 seconds.
• The FreeBSD Racoon2 IPsec implementation does not support the IKEv2 CERTREQ payload.
You cannot use IKEv2 with RSA signatures when negotiating with FreeBSD systems using
Racoon2.