Differences

This shows you the differences between two versions of the page.

--- docs:ipsec:racoon_psk [2013/09/27 14:37] – created root
+++ docs:ipsec:racoon_psk [2013/09/27 19:43] (current) – root
@@ Line 1: / Line 1: @@
 ====== Racoon setup with PSKs ======
+<code>Informations in this document mainly come from a document made by Leonardo Ciociano</code>
 Racoon is an Internet Key Exchanger (IKE). Racoon job it to automatically negotiate the keys that are going to be used to encrypt traffic. This could be accomplished with PreShared Keys (PSK), X.509 Certificates, or Kerberos.  The daemon could use different methods of PSK exchange. ''Main Mode'', ''Aggresive Mode'' (insecure) or ''Base Mode'' for IKE first phase.
@@ Line 26: / Line 28: @@
         exchange_mode main;
         proposal {
-                encryption_algorithm 3des;
+                encryption_algorithm aes;
-                hash_algorithm md5;
+                hash_algorithm sha256;
                 authentication_method pre_shared_key;
-                dh_group modp1024;
+                dh_group modp4096;
         }
 }
 sainfo address 172.16.1.0/24 any address 172.16.2.0/24 any {
-        pfs_group modp768;
+        pfs_group modp4096;
-        encryption_algorithm 3des;
+        encryption_algorithm aes;
-        authentication_algorithm hmac_md5;
+        authentication_algorithm hmac_sha1;
         compression_algorithm deflate;
 }</code>