d30842f07e0e682baf2c6ca928ba3228f9def791
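--- a/_Header.md
+++ b/_Header.md
@@ -1 +1 @@
-[](/)
+[](/)
\ No newline at end of file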
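--- a/howto/IPsecWithPublicKeys/RacoonExample.md
+++ b/howto/IPsecWithPublicKeys/RacoonExample.md
@@ -1,2 +1,35 @@
-# IPsec with public key authentication on Racoon
-## Coming soon
\ No newline at end of file
+The keys are generated with plainrsa-gen.
+
+```
+Usage: plainrsa-gen [options]
+
+ -b bits Generate <bits> long RSA key (default=1024)
+ -e pubexp Public exponent to use (default=0x3)
+ -f filename Filename to store the key to (default=stdout)
+ -i filename Input source for format conversion
+ -h Help
+```
+I'd probably go with 4096 bits.
+
+
+in your racoon.conf:
+```
+path certificate "/etc/racoon/keys";
+
+listen {
+ isakmp 192.168.255.1[500];
+}
+
+remote 192.168.255.2 {
+ exchange_mode main;
+ certificate_type plain_rsa "local.priv.key";
+ peers_certfile plain_rsa "remote.pub.key";
+ proposal {
+ authentication_method rsasig;
+ lifetime time 8 hour;
+ encryption_algorithm aes256;
+ hash_algorithm sha256;
+ dh_group modp1024;
+ }
+}
+```
\ No newline at end of file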