mirror of https://git.dn42.dev/wiki/wiki.git synced 2024-11-27 11:23:37 +01:00
wiki/howto/IPsecWithPublicKeys/RacoonExample.md
2015-02-22 10:32:13 +00:00

The keys are generated with `plainrsa-gen`.

```
Usage: plainrsa-gen [options]

  -b bits       Generate <bits> long RSA key (default=1024)
  -e pubexp     Public exponent to use (default=0x3)
  -f filename   Filename to store the key to (default=stdout)
  -i filename   Input source for format conversion
  -h            Help
```

I'd probably go with 4096 bits.

In your racoon.conf:

```
path certificate "/etc/racoon/keys";

listen {
  isakmp 192.168.255.1[500];
}

remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}
```
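A way to check the phase 1 proposals in a `racoon.conf` like the one above before deploying it, as an added example that is not part of the original wiki page or of racoon. The policy values (`MIN_DH_BITS`, `WEAK`) and all function names are assumptions of this example; the sample input is the `remote` block from this page.

```python
import re

# Assumed policy for this example (not from the page): minimum DH size, weak algorithms.
MIN_DH_BITS = 2048
WEAK = {"encryption_algorithm": {"des", "3des"}, "hash_algorithm": {"md5", "sha1"}}
DH_NUMBERS = {"1": 768, "2": 1024, "5": 1536, "14": 2048,  # numeric dh_group values
              "15": 3072, "16": 4096, "17": 6144, "18": 8192}

# Constructed sample: the remote block from the page.
SAMPLE = """remote 192.168.255.2 {
  exchange_mode main;
  certificate_type plain_rsa "local.priv.key";
  peers_certfile plain_rsa "remote.pub.key";
  proposal {
    authentication_method rsasig;
    lifetime time 8 hour;
    encryption_algorithm aes256;
    hash_algorithm sha256;
    dh_group modp1024;
  }
}"""

def statements(conf):
    """Yield (enclosing block headers, words) per ';'-terminated statement."""
    stack, words = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", conf)):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            stack.append(words)      # block header, e.g. ["remote", "192.168.255.2"]
        elif tok == "}":
            del stack[-1:]           # tolerate an unbalanced closing brace
        elif words:
            yield list(stack), words
        words = []

def dh_bits(value):
    """Modulus size for a dh_group value; unknown names count as 0 bits."""
    m = re.fullmatch(r"modp(\d+)", value)
    return int(m[1]) if m else DH_NUMBERS.get(value, 0)

def audit(conf):
    """Return (peer, directive, value) for each proposal setting below policy."""
    findings = []
    for path, (key, *rest) in statements(conf):
        if len(path) == 2 and path[0][:1] == ["remote"] and path[1] == ["proposal"]:
            value = rest[-1] if rest else ""
            if (key == "dh_group" and dh_bits(value) < MIN_DH_BITS) or value in WEAK.get(key, ()):
                findings.append((" ".join(path[0][1:]), key, value))
    return findings
```

Run against the page's block, `audit(SAMPLE)` reports only the `dh_group modp1024` line; the same block with `modp2048` passes this policy.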