HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

HP-UX IPSec Configuration
The ipsec_config commands used on the HP-UX system are as follows:
# ipsec_config add host linux \
    -src 10.0.0.11 -dst 10.0.0.26 \
    -action ESP_AES128_HMAC_SHA1
# ipsec_config add auth linux -remote 10.0.0.26 \
    -psk myKey26
# ipsec_config add ikev1 linux -remote 10.0.0.26 \
    -hash SHA1
Linux Configuration
The Linux configuration uses the following files:
• a file containing arguments for the setkey utility
• the racoon.conf configuration file for the racoon daemon
• the psk.txt file, which contains the preshared key
setkey Argument File
The following file is used with the setkey utility to add entries to the security policy database for
the IPsec SAs with the HP-UX system:
spdadd 10.0.0.26 10.0.0.11 any -P out ipsec
    esp/transport//require;
spdadd 10.0.0.11 10.0.0.26 any -P in ipsec
    esp/transport//require;
racoon.conf File
The following file is used as the configuration file for the racoon ISAKMP (IKE) daemon. It specifies
the parameters for the IKEv1 SAs with the HP-UX system.
NOTE: A compression_algorithm statement is required even though IP compression is not
used (HP-UX IPSec does not support IP compression).
##############
# racoon.conf configuration file
# see racoon.conf(5)
# start racoon with racoon -F -f this_file
path pre_shared_key "/root/linux-native-racoon/psk_xport_1/psk.txt";
remote 10.0.0.11 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}
sainfo address 10.0.0.26 any address 10.0.0.11 any {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    ##############################
    # compression_algorithm is required in sainfo
    # even if compression is not enabled in the SPD
    compression_algorithm deflate;
}
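The requirements above (a compression_algorithm statement in every sainfo block, and a mirrored pair of ESP transport policies for the same two addresses) can be checked before racoon is started. The following Python check is an added example, not part of the HP guide. The function names, the abridged sample strings copied from this page, and the LEGACY list of phase 1 values are assumptions of the example.

```python
import re
# Constructed input: racoon.conf and setkey text as shown on this page (abridged).
RACOON_CONF = """
remote 10.0.0.11 {
  exchange_mode main;
  proposal {
    encryption_algorithm 3des;
    hash_algorithm sha1;
    authentication_method pre_shared_key;
    dh_group modp1024;
  }
}
sainfo address 10.0.0.26 any address 10.0.0.11 any {
  encryption_algorithm aes;
  authentication_algorithm hmac_sha1;
  # compression_algorithm is required in sainfo
  compression_algorithm deflate;
}
"""
SETKEY = """
spdadd 10.0.0.26 10.0.0.11 any -P out ipsec esp/transport//require;
spdadd 10.0.0.11 10.0.0.26 any -P in ipsec esp/transport//require;
"""
# Assumption: this example's own list of legacy IKE phase 1 values, not from the guide.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

def statements(body):
    """Map keyword -> value for every 'keyword value;' statement in a block body."""
    return dict(re.findall(r"(\w+)\s+([^;{}]+?)\s*;", body))

def audit(conf, setkey):
    conf = re.sub(r"#.*", "", conf)  # a commented-out statement must not pass a check
    policies = set(re.findall(
        r"spdadd\s+(\S+)\s+(\S+)\s+any\s+-P\s+(in|out)\s+ipsec\s+esp/transport//require", setkey))
    findings = []
    for local, peer, body in re.findall(
            r"sainfo\s+address\s+(\S+)\s+any\s+address\s+(\S+)\s+any\s*\{([^}]*)\}", conf):
        if "compression_algorithm" not in statements(body):
            findings.append(f"sainfo {local} -> {peer}: compression_algorithm missing")
        for src, dst, direction in ((local, peer, "out"), (peer, local, "in")):
            if (src, dst, direction) not in policies:
                findings.append(f"no '{direction}' ESP transport policy {src} -> {dst}")
    for body in re.findall(r"proposal\s*\{([^}]*)\}", conf):
        findings += [f"legacy phase 1 setting: {k} {v}"
                     for k, v in statements(body).items() if v in LEGACY]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RACOON_CONF, SETKEY)))
```

Run against the files as printed here, the check reports only the 3des and modp1024 phase 1 values. Removing the compression_algorithm statement or either spdadd line produces the corresponding finding.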