https://wiki.luthienstar.fr/ 2026-05-02T18:30:27+00:00 https://wiki.luthienstar.fr/ https://wiki.luthienstar.fr/lib/tpl/dokuwiki/images/favicon.ico text/html 2013-09-27T13:56:40+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.luthienstar.fr/docs:ipsec:modes?rev=1380283000&do=diff IPSec Exchange modes The following information comes from the following page: https://supportforums.cisco.com/docs/DOC-8125 Its content has been replicated for archiving purposes. Main Mode An IKE session begins with the initiator sending a proposal or proposals to the responder. The proposals define what encryption and authentication protocols are acceptable, how long keys should remain active, and whether perfect forward secrecy should be enforced, for example. Multiple proposals can be sen… text/html 2013-09-27T12:57:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.luthienstar.fr/docs:ipsec:policy?rev=1380279428&do=diff IPSec policy Policy Format Policy format is direction [priority specification] policy * discard means that packets will be dropped if they match the policy. * entrust means to consult the SPD defined by setkey(8). * bypass means to bypass the IPsec processing. (the packet will be transmitted in clear). This is for privileged sockets. text/html 2013-09-27T19:43:48+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.luthienstar.fr/docs:ipsec:racoon_psk?rev=1380303828&do=diff Racoon setup with PSKs Informations in this document mainly come from a document made by Leonardo Ciociano Racoon is an Internet Key Exchanger (IKE). Racoon job it to automatically negotiate the keys that are going to be used to encrypt traffic. This could be accomplished with PreShared Keys (PSK), X.509 Certificates, or Kerberos. The daemon could use different methods of PSK exchange. text/html 2013-09-27T19:44:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.luthienstar.fr/docs:ipsec:racoon_roadwarrior?rev=1380303855&do=diff Racoon setup for roadwarriors Informations in this document mainly come from a document made by Leonardo Ciociano RoadWarriors are clients that always connect to the network from a different and unknown IP address. (E.g. Notebook on a trip, client behind a crappy ISP). This shows us two problems: text/html 2013-09-27T19:43:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.luthienstar.fr/docs:ipsec:racoon_x509?rev=1380303813&do=diff Racoon setup with X.509 Certificates Informations in this document mainly come from a document made by Leonardo Ciociano Racoon supports X.509 certificates for authentication process. These certificates may be validated by a certification authority (CA). The configuration is similar to that using