Transport mode between Racoon and Windows hosts with PSK authentication

Intro

Network diagram

Alice

Install racoon and ipsec-tools :

root@host:~# apt-get install racoon ipsec-tools

NB : choose direct modification during the racoon installation process.

The racoon configuration file is /etc/racoon/racoon.conf :

path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

# Phase 1 (IKE) proposal for the remote peer.
# 3des, sha1 and dh_group 2 (modp1024) are legacy algorithms; the peer
# must be configured with the same proposal.
remote 192.168.0.85 {
	exchange_mode main;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		#dh_group modp1024;
		dh_group 2;
	}
	#generate_policy off;
}

# Phase 2 (IPsec SA) parameters for traffic between 192.168.0.84 and 192.168.0.85
sainfo address 192.168.0.84 any address 192.168.0.85 any {
	#pfs_group modp768;
	#pfs_group 2;
	lifetime time 1 hour;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}

Inside /etc/racoon/psk.txt we set the pre-shared key :

# IPv4/v6 addresses 
192.168.0.85	TEST

We set SA/SP inside /etc/ipsec-tools.conf :

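#!/usr/sbin/setkey -f

## Flush the SAD and SPD
#
flush;
spdflush;

# Outbound traffic to the peer must be protected by ESP in transport mode
spdadd 192.168.0.84 192.168.0.85 any -P out ipsec
	esp/transport//require;

# Inbound traffic from the peer must be protected by ESP in transport mode
spdadd 192.168.0.85 192.168.0.84 any -P in ipsec
	esp/transport//require;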

Useful commands

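setkey -f /etc/ipsec-tools.conf         # load the policy file
racoon -F -f /etc/racoon/racoon.conf    # run racoon in the foreground with this configuration
setkey -F                               # flush the SAD
setkey -D                               # dump the SAD
setkey -DP                              # dump the SPD
ip -s xfrm policy                       # kernel view of the policies, with statistics
ip -s xfrm state                        # kernel view of the SAs, with statistics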
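
Before loading the policy with setkey -f, the policy file and psk.txt shown above can be checked offline. The script below is an added example, not part of the original tutorial: the function names (spd_rules, check_spd, check_psk, make_sample) are hypothetical, and the sample files are constructed from the values on this page. It verifies that both directions require ESP in transport mode and that the key file has an entry for the peer and is accessible by its owner only.

```shell
#!/bin/sh
# Added example (not from the original page): lint the files used above.
# Function names are hypothetical; sample files are constructed from the page.

# List every spdadd as "src dst direction rule", joining continuation lines.
spd_rules() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk '$1 == "spdadd" { for (i = 4; i < NF; i++) if ($i == "-P") print $2, $3, $(i+1), $(i+3) }'
}

# check_spd FILE LOCAL PEER: both directions must require ESP transport mode.
check_spd() {
    rules=$(spd_rules "$1")
    printf '%s\n' "$rules" | grep -Fqx "$2 $3 out esp/transport//require" &&
    printf '%s\n' "$rules" | grep -Fqx "$3 $2 in esp/transport//require"
}

# check_psk FILE PEER: a key exists for PEER and the file is owner-only
# (racoon rejects a key file that group or others can access).
check_psk() {
    awk -v p="$2" '$1 == p && NF >= 2 { ok = 1 } END { exit !ok }' "$1" &&
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write the page's policy file and psk.txt into DIR (constructed sample).
make_sample() {
    cat > "$1/ipsec-tools.conf" <<'EOF'
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.0.84 192.168.0.85 any -P out ipsec
esp/transport//require;
spdadd 192.168.0.85 192.168.0.84 any -P in ipsec
esp/transport//require;
EOF
    printf '# IPv4/v6 addresses\n192.168.0.85\tTEST\n' > "$1/psk.txt"
    chmod 600 "$1/psk.txt"
}

dir=$(mktemp -d) && make_sample "$dir"
check_spd "$dir/ipsec-tools.conf" 192.168.0.84 192.168.0.85 && echo "SPD ok"
check_psk "$dir/psk.txt" 192.168.0.85 && echo "PSK ok"
rm -rf "$dir"
```

On a real host, call check_spd on /etc/ipsec-tools.conf and check_psk on /etc/racoon/psk.txt with the local and peer addresses.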

Regis

Windows 7

Open Microsoft Management Console :

Add Snap-in :

Summary

Licence Creative Commons
This website http://shebangthedolphins.net is licensed to the public under a Creative Commons Attribution licence.