Sorry, I accidentally pressed send too soon :X
> cat ifcfg-ipsec0
I don't understand how this file should be modified, and I can't really
find any documentation on how to do this. I'm assuming the IKE_METHOD
should be set to RSA or something along those lines, but I can't find
any man page or good documentation for these interface configuration
files. Am I looking in the wrong place?
I guess I don't really understand how the ipsec0 interface configuration
relates to the racoon daemon itself. It seems like these parameters are
already configured in the racoon.conf and are redundant.
Can somebody maybe point me to some documentation or explain how
ifcfg-eth0 should be configured for RSA certificate authentication?
Dan Sullivan wrote:
> I am not 100% sure I'm asking this question in the right place but I'll
> take a stab at sending to this list again. The support I got here last
> time was great, so I'm hoping that somebody could either answer my
> question or point me in the right direction.
> Basically, a while back I had some questions about setkey/racoon.conf
> and building Phase 2 SA using a PSK. I got that up and working fine, but
> now I want to take it a step further. I'm trying to get this setup
> using certificates.
> It looks to me like the racoon configuration to do this is
> straightforward; essentially do the following:
> 1) cp /path/to/cacert.pem /etc/racoon/certs
> 2) cd /etc/racoon/certs
> 3) ln -s cacert.pem `openssl x509 -hash -noout -in cacert.pem`.0
> 4) change racoon.conf to change authentication type, set certificate
> type, set identifier, and turn verify_cert on
> So, I understand that part and I am pretty confident that it will work.
> What I am really confused about and can't find any documentation for
> is how the ipsec0 interface should be configured. Currently, my
> ifcfg-ipsec0 configuration file looks like this: