IPsec VPN between Racoon and Stormshield router


Here is a Racoon (ipsec-tools) gateway configuration example for building an IKEv1/IPsec tunnel to a Netasq / Stormshield router using a pre-shared key. Note that a pre-shared key is the whole authentication secret of the tunnel: choose a long random value, keep the key file root-only, and prefer main mode over aggressive mode (see the comments in the configuration below).

Network diagram

Netasq / Stormshield configuration

Racoon Server configuration


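# Racoon (ipsec-tools) IKEv1 configuration for the Stormshield peer at 178.178.ZZ.ZZ.
# Apart from the closing braces, which the published listing omitted (the
# remote, proposal and sainfo blocks were never closed), the example is kept as
# published; review remarks are marked NOTE(review).

# "debug" logs every IKE exchange and is very chatty; lower it to "notify" or
# "info" once the tunnel is stable.
log debug;
# Pre-shared keys, one "<peer-address> <secret>" line per peer.  Keep this file
# root-owned and mode 0600: it is the only authentication secret of the tunnel.
path pre_shared_key "/etc/racoon/psk.txt";

remote 178.178.ZZ.ZZ {
	# NOTE(review): with pre-shared-key authentication, aggressive mode sends
	# the responder's hash (derived from the PSK and cleartext nonces) in the
	# clear, which enables offline dictionary attacks on the key.  Offer
	# "main" only unless the Stormshield side insists on aggressive mode; if
	# it does, use a long random PSK.
	exchange_mode main,aggressive;
	# Identify ourselves by our public address; the peer must expect that ID.
	my_identifier address 193.93.XX.XX;

	# Phase 1 (ISAKMP SA) proposal; must match a Stormshield IKE profile.
	proposal {
		lifetime time 3600 secs ;
		encryption_algorithm aes 128 ;
		#encryption_algorithm 3des, rijndael;
		# NOTE(review): SHA-1 as PRF/integrity and 1024-bit DH (group 2) are
		# below current recommendations; prefer sha256 and modp2048 (group 14)
		# if the Stormshield side supports them.
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group modp1024;
	}
	# Racoon does not derive SPD entries from the peer's proposal; the
	# policies must already exist (they are installed with setkey below).
	generate_policy off;
}

# Phase 2 (IPsec SA) parameters, applied to every peer ("anonymous").
sainfo anonymous {
	# PFS with DH group 2 (modp1024); must match the Stormshield side.
	pfs_group 2;
	lifetime time 3600 secs ;
	#encryption_algorithm aes 128 ;
	# NOTE(review): the algorithms are offered in this order and racoon accepts
	# whichever one the peer selects.  Drop 3des and blowfish from the list
	# unless the peer genuinely requires them.
	encryption_algorithm aes 128, 3des, blowfish 448 ;
	authentication_algorithm hmac_sha1 ;
	compression_algorithm deflate ;
}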

Netfilter Rules

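# Netfilter and routing setup for the Racoon gateway.  The published page lost
# the address operands of these commands; fill in the variables below before
# running (addresses must agree with racoon.conf and the setkey policies).
LOCAL_NET="LOCAL_NET/PREFIX"     # LAN behind this gateway, e.g. 192.0.2.0/24
REMOTE_NET="REMOTE_NET/PREFIX"   # LAN behind the Stormshield, e.g. 198.51.100.0/24
REMOTE_GW="178.178.ZZ.ZZ"        # Stormshield public address ("remote" in racoon.conf)
NEXT_HOP="NEXT_HOP"              # router through which REMOTE_GW is reached (usually the default gateway)
LOCAL_LAN_IP="LOCAL_LAN_IP"      # this gateway's address inside LOCAL_NET

# Exempt traffic bound for the remote LAN from any MASQUERADE/SNAT rule, so the
# packets still match the IPsec policy by their original source.  The policy
# match must precede the NAT rule, hence -I (insert at top) rather than -A.
iptables -t nat -I POSTROUTING -d "$REMOTE_NET" -m policy --dir out --pol ipsec -j ACCEPT

# IKE and ESP, restricted to the single known peer (least privilege).
iptables -A INPUT -p esp -s "$REMOTE_GW" -j ACCEPT
iptables -A INPUT -p udp -s "$REMOTE_GW" --dport 500 -j ACCEPT
# NOTE(review): the original accepted any packet claiming REMOTE_NET as its
# source, so spoofed cleartext packets with that source would have been
# accepted as well.  Only accept what really arrived through the tunnel.
iptables -A INPUT -s "$REMOTE_NET" -m policy --dir in --pol ipsec -j ACCEPT
# NAT-T (UDP 4500) is only needed when a NAT sits between the two gateways;
# racoon then also needs nat_traversal enabled.
#iptables -A INPUT -p udp -s "$REMOTE_GW" --dport 4500 -j ACCEPT
iptables -A OUTPUT -p esp -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 -j ACCEPT
iptables -A OUTPUT -d "$REMOTE_NET" -j ACCEPT
# NOTE(review): traffic between the two LANs goes through FORWARD, not
# INPUT/OUTPUT; if your FORWARD policy is DROP, add matching FORWARD rules
# (with -m policy --pol ipsec on the inbound direction) as well.

## ROUTE to Netasq network.  The "src" makes locally originated packets use
## the LAN address, so they match the LOCAL_NET->REMOTE_NET policy.
ip route add "$REMOTE_NET" via "$NEXT_HOP" src "$LOCAL_LAN_IP"

## Enable IP forwarding (not persistent across reboots; set
## net.ipv4.ip_forward=1 in /etc/sysctl.conf as well).
echo 1 > /proc/sys/net/ipv4/ip_forward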


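# setkey(8) security policies; load with "setkey -f FILE".  The published page
# lost the operands, so replace the upper-case tokens before loading:
#   LOCAL_NET / REMOTE_NET  - the two LAN prefixes (e.g. 192.0.2.0/24)
#   LOCAL_GW  / REMOTE_GW   - 193.93.XX.XX and 178.178.ZZ.ZZ
# Tunnel-mode ESP between the two gateways matches the racoon.conf above
# (generate_policy off, so these entries must exist before IKE runs).
# Level "require" refuses to send or accept LAN-to-LAN traffic outside the
# tunnel; do not weaken it to "use", which lets cleartext through while the
# SA is down.
spdadd LOCAL_NET REMOTE_NET any -P out ipsec esp/tunnel/LOCAL_GW-REMOTE_GW/require;
spdadd REMOTE_NET LOCAL_NET any -P in ipsec esp/tunnel/REMOTE_GW-LOCAL_GW/require;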


178.178.ZZ.ZZ TEST
