HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
    dst "${PEERS_IPADDRESS}";
    upper_layer_protocol "any";
    policy_index ike_trans_policy;
};
selector ike_trans_sel_in {
    direction inbound;
    dst "${MY_IPADDRESS}";
    src "${PEERS_IPADDRESS}";
    upper_layer_protocol "any";
    policy_index ike_trans_policy;
};
policy ike_trans_policy {
    action auto_ipsec;
    remote_index ike_trans_remote;
    ipsec_mode transport;
    ipsec_index { ipsec_esp; };
    ipsec_level require;
};
vals.conf File
The relevant sections of the vals.conf file are as follows:
## /usr/local/racoon2/etc/racoon2/vals.conf
setval {
    # Preshared key file directory : specify to use preshared keys
    PSKDIR "/usr/local/racoon2/etc/racoon2/psk";
    # Preshared Key file name
    # You can generate it by pskgen.
    PRESHRD_KEY "test.psk";
    :
    :
    ### Transport Mode Settings ###
    # Your IP Address
    MY_IPADDRESS "10.0.0.63";
    # Peer's IP Address
    PEERS_IPADDRESS "10.0.0.11";
    :
    :
}
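The selectors above take their addresses from vals.conf through ${NAME} references, so a wrong or missing setval entry silently changes which traffic the policy covers. The following added example (not part of the HP guide or of Racoon2) expands the variables and checks that each inbound selector has an outbound selector with src and dst swapped. The selector name example_sel_out, its src line, and all function names are assumptions made for this example.

```python
import re

# Constructed sample input modelled on the fragments above. The outbound
# selector's name and src line are assumptions: the page shows only its tail.
VALS_CONF = '''setval {
    # Your IP Address
    MY_IPADDRESS "10.0.0.63";
    # Peer's IP Address
    PEERS_IPADDRESS "10.0.0.11";
}'''
SELECTORS = '''selector example_sel_out {
    direction outbound;
    src "${MY_IPADDRESS}";
    dst "${PEERS_IPADDRESS}";
    policy_index ike_trans_policy;
};
selector ike_trans_sel_in {
    direction inbound;
    dst "${MY_IPADDRESS}";
    src "${PEERS_IPADDRESS}";
    policy_index ike_trans_policy;
};'''

def parse_setval(text):
    """Return {NAME: value} from NAME "value"; lines, ignoring # comments."""
    return dict(re.findall(r'^\s*(\w+)\s+"([^"]*)"\s*;', re.sub(r'#.*', '', text), re.M))

def expand(text, values):
    """Substitute ${NAME}; an undefined variable raises KeyError."""
    return re.sub(r'\$\{(\w+)\}', lambda m: values[m.group(1)], text)

def parse_selectors(text):
    """Return {selector_name: {keyword: value}} for each selector block."""
    blocks = re.findall(r'selector\s+(\w+)\s*\{(.*?)\}\s*;', text, re.S)
    return {name: {k: v.strip('"') for k, v in re.findall(r'(\w+)\s+([^;]+);', body)}
            for name, body in blocks}

def unmirrored_inbound(selectors):
    """Names of inbound selectors lacking an outbound one with src/dst swapped."""
    outs = [s for s in selectors.values() if s.get('direction') == 'outbound']
    key = lambda s, a, b: (s.get(a), s.get(b), s.get('policy_index'))
    return [n for n, s in selectors.items() if s.get('direction') == 'inbound'
            and key(s, 'dst', 'src') not in [key(o, 'src', 'dst') for o in outs]]

if __name__ == '__main__':
    sels = parse_selectors(expand(SELECTORS, parse_setval(VALS_CONF)))
    print(sels, unmirrored_inbound(sels))
```

An empty list from unmirrored_inbound means every inbound selector is matched by an outbound one bound to the same policy; a KeyError from expand points at a ${NAME} with no setval entry.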
default.conf File
The default.conf file installed with Racoon2 is used without modifications.
test.psk File
The /usr/local/racoon2/etc/racoon2/psk/test.psk key file contains the ASCII preshared key value:
myKey63
Configuration Example: IKEv1 Using RSA Signatures
The following configuration data is for an IKEv1 topology using preshared keys for end-to-end
IPsec SAs.
Both systems use X.500 DNs for IKE IDs. The local ID value on the BSD system does not need to
be explicitly configured; the IKE daemon gets the value from its certificate.
The address for the FreeBSD 6.3 system is 10.0.0.64. The address for the HP-UX system is 10.0.0.11.