Here is my racoon configuration (remote IP obfuscated):
$ cat /etc/racoon/racoon.conf
# Drop daemon privileges to an unprivileged account after startup.
privsep {
	user "racoon";
	group "racoon";
}

# Log at "notify" level; raise it only while troubleshooting.
log notify;

# Search paths for certificate files and for the hook scripts.
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

# Phase 1 (IKE) settings for the single peer (address obfuscated in this post).
remote 1.2.3.4 {
	# Main mode rather than aggressive mode: identities are sent only after
	# the DH exchange, so they are not exposed in the clear.
	exchange_mode main;
	nat_traversal on;

	# Plain RSA keys: the peer is authenticated against the pinned public key
	# in peers_certfile; there is no X.509 chain involved.
	certificate_type plain_rsa "/etc/racoon/local-key/sdeziel-laptop";
	peers_certfile plain_rsa "/etc/racoon/remote-key/sdeziel-fw.pub";
	peers_identifier fqdn "sdeziel-fw";
	my_identifier fqdn "sdeziel-laptop";
	# NOTE(review): verify_cert governs X.509 certificate validation only; with
	# plain_rsa authentication it has no chain to check — confirm this is intended.
	verify_cert off;

	proposal {
		# No key length given; racoon's default AES key size applies — confirm
		# it matches what the peer expects.
		encryption_algorithm aes;
		# SHA-1 is a legacy hash; sha256 is worth proposing if the peer supports it.
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group modp2048;
	}
}

# Phase 2 (IPsec SA) settings. "anonymous" is a catch-all: it applies to any
# peer that completes phase 1, not only to 1.2.3.4.
sainfo anonymous {
	# Perfect forward secrecy: a fresh 2048-bit DH exchange per child SA.
	pfs_group modp2048;
	encryption_algorithm aes;
	# Legacy integrity algorithm; hmac_sha256 is worth offering if the peer supports it.
	authentication_algorithm hmac_sha1;
	# Offers IPComp (deflate) for the child SA.
	compression_algorithm deflate;
}
Note that the remote peer receives the SA deletion message even if racoon crashes.
Here is my racoon configuration (remote IP obfuscated):
$ cat /etc/racoon/racoon.conf
privsep {
	user "racoon";
	group "racoon";
}
log notify;
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";
remote 1.2.3.4 {
	exchange_mode main;
	nat_traversal on;
	certificate_type plain_rsa "/etc/racoon/local-key/sdeziel-laptop";
	peers_certfile plain_rsa "/etc/racoon/remote-key/sdeziel-fw.pub";
	peers_identifier fqdn "sdeziel-fw";
	my_identifier fqdn "sdeziel-laptop";
	verify_cert off;
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group modp2048;
	}
}
sainfo anonymous {
	pfs_group modp2048;
	encryption_algorithm aes;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}
Note that the remote peer receives the SA deletion message even if racoon crashes.