HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
Racoon2 Configuration
The following Racoon 2 configuration files are located in the /usr/local/racoon2/etc/racoon directory.
• racoon2.conf
• transport_ike.conf
• vals.conf
• default.conf
• test.psk (in the /usr/local/racoon2/etc/racoon/psk subdirectory)
racoon2.conf File
The racoon2.conf file has the same contents as the file used for IKEv1 with preshared keys. See
“racoon2.conf File” (page 171).
transport_ike.conf File
The transport_ike.conf file has the same contents as the file used for IKEv1 with preshared keys,
as shown in “transport_ike.conf File” (page 171), except for the remote ike_trans_remote
section. To use IKEv2, the remote ike_trans_remote section has the following contents:
remote ike_trans_remote {
    acceptable_kmp { ikev2; };
    ikev2 {
        my_id ipaddr "${MY_IPADDRESS}";
        peers_id ipaddr "${PEERS_IPADDRESS}";
        peers_ipaddr "${PEERS_IPADDRESS}" port 500;
        kmp_enc_alg { 3des_cbc; };
        kmp_hash_alg { hmac_sha1; };
        kmp_dh_group { modp1024; };
        ## Use Preshared Key
        kmp_auth_method { psk; };
        pre_shared_key "${PSKDIR}/${PRESHRD_KEY}";
    };
    selector_index ike_trans_sel_in;
};
vals.conf File
The relevant sections of the vals.conf file are as follows:
## /usr/local/racoon2/etc/racoon2/vals.conf
setval {
    # Preshared key file directory : specify to use preshared keys
    PSKDIR "/usr/local/racoon2/etc/racoon2/psk";
    # Preshared Key file name
    # You can generate it by pskgen.
    PRESHRD_KEY "test.psk";
    :
    :
    ### Transport Mode Settings ###
    # Your IP Address
    MY_IPADDRESS "10.0.0.65";
    # Peer's IP Address
    PEERS_IPADDRESS "10.0.0.11";
    :
    :
}
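The ${...} references in the remote ike_trans_remote section resolve against the setval entries in vals.conf. The following is an added example, not part of this guide or of the Racoon2 distribution: it expands those references and checks the resolved preshared key file for group or other access. The function names and the owner-only permission policy are assumptions of the example.

```python
import os
import re
import stat
# Constructed sample: the setval entries and remote-section directives shown on this page.
VALS_CONF = '''
setval {
    PSKDIR "/usr/local/racoon2/etc/racoon2/psk";
    PRESHRD_KEY "test.psk";
    MY_IPADDRESS "10.0.0.65";
    PEERS_IPADDRESS "10.0.0.11";
}
'''
REMOTE = '''
my_id ipaddr "${MY_IPADDRESS}";
peers_id ipaddr "${PEERS_IPADDRESS}";
peers_ipaddr "${PEERS_IPADDRESS}" port 500;
pre_shared_key "${PSKDIR}/${PRESHRD_KEY}";
'''

def parse_setval(text):
    """Return {NAME: value} for each NAME "value"; entry, skipping # comments."""
    body = re.sub(r"#.*", "", text)
    return dict(re.findall(r'^\s*([A-Z_][A-Z0-9_]*)\s+"([^"]*)"\s*;', body, re.M))

def expand(value, vals):
    """Substitute ${NAME}; an undefined name raises KeyError rather than passing through."""
    return re.sub(r"\$\{(\w+)\}", lambda m: vals[m.group(1)], value)

def resolve(remote_text, vals):
    """Map each directive to its first quoted value with variables expanded."""
    pairs = re.findall(r'^\s*(\w+)\b[^"\n]*"([^"]*)"', remote_text, re.M)
    return {key: expand(val, vals) for key, val in pairs}

def check_psk_file(path):
    """Return findings: file missing, not a regular file, or group/other access bits set."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {stat.S_IMODE(st.st_mode):04o} allows group/other access"]
    return []

if __name__ == "__main__":
    settings = resolve(REMOTE, parse_setval(VALS_CONF))
    print(settings)
    print(check_psk_file(settings["pre_shared_key"]) or "PSK file permissions ok")
```

Fed the real vals.conf and transport_ike.conf text, the resolved pre_shared_key value is the path at which the key file has to exist on the host.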