Configuring IPsec


IPsec is configured using the setkey and racoon commands. 

The setkey command is used to tell the kernel which packets must be sent via IPsec, and to configure IPsec options for each host, range of hosts, subnet, etc., to which you want secure communication.

The racoon command is used to provide automatic encryption key and certificate management between hosts. Using racoon is optional, yet recommended. By automating the process of periodically changing and synchronizing keys and certificates within the set of hosts you define for IPsec, you not only reduce maintenance, but also reduce the likelihood that a key will be compromised.