Consider the simplest case: there are two boxes, BoxA and BoxB. User A is on BoxA, User B is on BoxB, and the two users share a secret, the string hello_world.

The pre-shared key file, psk.txt, holds one identifier and its key per line:

    usera@qnx.com "Hello_world"
    userb@qnx.com "Hello_world"
The IKE daemon, racoon, uses this file to authenticate the peer and set up the IPsec connection. The file must be readable only by its owner:

    chmod 0600 psk.txt
The corresponding section of racoon.conf:

    ...
    # Let racoon know where your preshared keys are:
    path pre_shared_key "your_full_path_to_psk.txt";

    remote anonymous {
            exchange_mode aggressive,main;
            doi ipsec_doi;
            situation identity_only;
            #my_identifier address;
            my_identifier user_fqdn "usera@qnx.com";
            peers_identifier user_fqdn "userb@qnx.com";
            nonce_size 16;
            lifetime time 1 hour;    # sec,min,hour
            initial_contact on;
            proposal_check obey;     # obey, strict or claim
            proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group 2;
            }
    }
    ...
A small script that flushes the existing policies and installs a transport-mode ESP policy with setkey:

    #!/bin/sh
    # This is a simple configuration for testing racoon negotiation.
    # Usage: my_script <my address> <remote address>
    #
    if [ $# -ne 2 ]; then
        echo "usage: $0 myself remote" >&2
        exit 1
    fi
    Myself=$1
    Remote=$2

    # Flush the security policy database (SPD) and the security
    # association database (SAD) so only the policies below remain.
    setkey -FP
    setkey -F

    # Require ESP in transport mode for all traffic in both directions;
    # racoon negotiates the SAs on demand.
    setkey -c << EOF
    #
    spdadd $Remote $Myself any -P in ipsec esp/transport/$Remote-$Myself/require;
    spdadd $Myself $Remote any -P out ipsec esp/transport/$Myself-$Remote/require;
    #
    EOF
Run this on BoxA as ./my_script BoxA BoxB.
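Before starting racoon it is worth checking the key file the way racoon itself will: the file must not be readable by group or others (racoon refuses to load a key file with weak permissions), and the identifier named by peers_identifier in racoon.conf must have a non-empty key. The POSIX sh function below is an added example written for this page, not code from the QNX documentation or from racoon; the function name check_psk_file, the demo directory and the sample psk.txt it writes are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the QNX page): pre-flight check for racoon's
# pre-shared key file. Verifies that the file exists, that only its owner
# has access (racoon rejects a group- or world-accessible key file), and
# that the given peer identifier has a non-empty key.
#
# usage: check_psk_file <psk.txt> <peer identifier>
# returns 0 when the file looks right, 1 otherwise (reason on stderr)
check_psk_file() {
    psk=$1
    peer_id=$2

    if [ ! -f "$psk" ]; then
        echo "check_psk_file: $psk: no such file" >&2
        return 1
    fi

    # Columns 5-10 of 'ls -l' are the group and other permission bits;
    # anything but "------" means someone besides the owner has access.
    perms=$(ls -l "$psk" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "check_psk_file: $psk: group/other permissions '$perms'," \
             "expected none (chmod 0600)" >&2
        return 1
    fi

    # psk.txt format: <identifier><whitespace><key>; '#' starts a comment.
    # Print the key of the first line whose identifier matches exactly.
    key=$(awk -v id="$peer_id" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == id { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$psk")
    if [ -z "$key" ]; then
        echo "check_psk_file: $psk: no key for identifier $peer_id" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo with a constructed psk.txt mirroring the page's entries.
demo_dir=$(mktemp -d)
cat > "$demo_dir/psk.txt" <<'EOF'
# constructed sample, same layout as the page's psk.txt
usera@qnx.com "Hello_world"
userb@qnx.com "Hello_world"
EOF
chmod 0600 "$demo_dir/psk.txt"
if check_psk_file "$demo_dir/psk.txt" userb@qnx.com; then
    echo "psk.txt OK for peer userb@qnx.com"
fi
rm -rf "$demo_dir"
```

On BoxA the identifier to pass is the one from peers_identifier (userb@qnx.com); on BoxB it is usera@qnx.com. The permission test reads the mode from ls -l rather than trying to open the file, so it gives the same answer whether it is run as root or as an unprivileged user.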