02-04-2003
You don't need to 'split the key'... the key (shared secret) is symmetric, not asymmetric. You simply use the same (shared secret) key on both ends of the IPSEC VPN tunnel.
Each end will use the (shared secret) key to generate a session key.
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I'm facing a problem interpreting the shared memory key on an AIX machine.
(1) I go to a property file and I see the following:
shm_key = "119112066"
(2) So I now go the command prompt and do this:
ipcs -m | grep 119112066
And, I do not find it. So what I do is to run the... (2 Replies)
Discussion started by: vijaygade
2 Replies
2. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
3. Solaris
Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks.
... (1 Reply)
Discussion started by: aixlover
1 Replies
4. Cybersecurity
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Discussion started by: elinaz
0 Replies
5. Programming
Hello.
I am new to this forum and I would like to ask for advice about low level POSIX programming.
I have to implement a POSIX compliant C shared library.
A file will have some variables and the shared library will have some functions which need those variables.
There is one special... (5 Replies)
Discussion started by: iamjag
5 Replies
6. IP Networking
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
7. IP Networking
Hi @all,
I try to connect 2 LANs with IPSec/Openswan
LAN 1: 192.168.0.0/24
LAN 2: 192.168.1.0/24
This is my Config:
conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies
8. IP Networking
We are using cyberoam device, VPN IPSEC tunnel is going of frequently even the traffic is throug.
Please suggest what may be the cause for the above mentioned issue.
Also suggest a best tool to monitor the same VPN IPSEC tunnel connectivity. (4 Replies)
Discussion started by: marunmeera
4 Replies
RACOON(8) BSD System Manager's Manual RACOON(8)
NAME
racoon -- IKE (ISAKMP/Oakley) key management daemon
SYNOPSIS
racoon [-46BdFLv] [-f configfile] [-l logfile]
DESCRIPTION
racoon is used to setup and maintain an IPSec tunnel or transport channel, between two devices, over which network traffic is conveyed
securely. This security is made possible by cryptographic keys and operations on both devices. racoon relies on a standardized network pro-
tocol (IKE) to automatically negotiate and manage the cryptographic keys (e.g. security associations) that are necessary for the IPSec tunnel
or transport channel to function. racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with
other hosts. The SPD (Security Policy Database) in the kernel usually triggers racoon. racoon usually sends all informational messages,
warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO. Debugging messages are sent with the pri-
ority LOG_DEBUG. You should configure syslog.conf(5) appropriately to see these messages.
-4
-6 Specify the default address family for the sockets.
-B Install SA(s) from the file which is specified in racoon.conf(5).
-d Increase the debug level. Multiple -d arguments will increase the debug level even more.
-F Run racoon in the foreground.
-f configfile
Use configfile as the configuration file instead of the default.
-L Include file_name:line_number:function_name in all messages.
-l logfile
Use logfile as the logging file instead of syslogd(8).
-v This flag causes the packet dump be more verbose, with higher debugging level.
racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
/private/etc/racoon/racoon.conf default configuration file.
/private/etc/racoon/psk.txt default pre-shared key file.
SEE ALSO
ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)
HISTORY
The racoon command first appeared in the ``YIPS'' Yokogawa IPsec implementation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601.
BSD
November 20, 2000 BSD