If you are not using one of the PSK authentication modes, RSA credentials must be generated for the VPN gateway and possibly for the Client as well. The only RSA-based method that does not require Client credentials is the Hybrid Authentication Method: the gateway proves its identity with an RSA signature, while the Client is authenticated with XAuth rather than with a certificate of its own.
To generate RSA credentials, use the openssl tool to create a certificate authority, a private key and a signed certificate. Detailed use of the openssl command line tool is beyond the scope of this document, but here is an example of how RSA gateway credentials might be created. Note that "openssl ca" uses the CA_default section of the system openssl.cnf, which expects a demoCA directory containing newcerts/, index.txt and serial; the first four commands create that layout in the current directory:
    # directory layout expected by "openssl ca" (demoCA section of openssl.cnf)
    mkdir certs
    mkdir -p demoCA/newcerts
    touch demoCA/index.txt
    echo "01" > demoCA/serial          # serial numbers must be positive (RFC 5280)

    # private keys, created readable only by the owner; use 2048 bits,
    # older openssl releases default to 1024
    umask 077
    openssl genrsa 2048 > certs/ca.key
    openssl genrsa 2048 > certs/vpngw.key
    umask 022

    # self-signed CA certificate, valid for five years
    openssl req -days 1825 -x509 -sha256 -new -key certs/ca.key > certs/ca.crt

    # certificate request for the gateway, then sign it with the CA
    openssl req -new -sha256 -key certs/vpngw.key > certs/vpngw.csr
    openssl ca -md sha256 -in certs/vpngw.csr -keyfile certs/ca.key \
        -cert certs/ca.crt -out certs/vpngw.crt
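The following script is an added example and is not part of this document or of racoon/ipsec-tools. It carries the procedure above through in one piece and goes slightly beyond it: it ships its own small openssl.cnf instead of depending on the system-wide demoCA defaults, issues a gateway certificate, also issues a Client certificate for the non-hybrid RSA modes, and then runs the checks worth doing before any file is copied into racoon's certificate path (the chain verifies, the private key matches the certificate, the intended extended key usage is present). The work directory, file names, subject names and extension sections are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original document or from racoon/ipsec-tools.
# Builds a CA with its own config, issues gateway and client certificates,
# and verifies them. All names below are illustrative assumptions.
set -eu

# Minimal CA config; "dir" is relative, so "openssl ca" is run from the work dir.
write_ca_config() {
    cat > "$1" <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir            = ./demoCA
database       = $dir/index.txt
new_certs_dir  = $dir/newcerts
serial         = $dir/serial
default_md     = sha256
default_days   = 365
policy         = policy_any
[ policy_any ]
commonName       = supplied
organizationName = optional
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ ca_ext ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ gw_ext ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[ client_ext ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# RSA private key readable only by its owner (the page's umask 077 idea).
new_key() {
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null )
}

# make_ca WORKDIR: demoCA layout, CA key and a five-year self-signed CA cert.
make_ca() {
    ca_dir=$1
    mkdir -p "$ca_dir/certs" "$ca_dir/demoCA/newcerts"
    : > "$ca_dir/demoCA/index.txt"
    echo 01 > "$ca_dir/demoCA/serial"      # serials must be positive (RFC 5280)
    write_ca_config "$ca_dir/ca.cnf"
    new_key "$ca_dir/certs/ca.key"
    openssl req -new -x509 -days 1825 -sha256 -config "$ca_dir/ca.cnf" \
        -extensions ca_ext -key "$ca_dir/certs/ca.key" \
        -subj "/O=Example VPN/CN=Example VPN CA" -out "$ca_dir/certs/ca.crt"
}

# issue_cert WORKDIR NAME SUBJECT EXTSECTION: key, CSR and CA-signed certificate.
issue_cert() {
    i_dir=$1; i_name=$2; i_subj=$3; i_ext=$4
    new_key "$i_dir/certs/$i_name.key"
    openssl req -new -sha256 -config "$i_dir/ca.cnf" -key "$i_dir/certs/$i_name.key" \
        -subj "$i_subj" -out "$i_dir/certs/$i_name.csr"
    ( cd "$i_dir" && openssl ca -batch -notext -config ca.cnf -extensions "$i_ext" \
        -keyfile certs/ca.key -cert certs/ca.crt \
        -in "certs/$i_name.csr" -out "certs/$i_name.crt" >/dev/null 2>&1 )
}

# verify_credentials WORKDIR NAME EKU_TEXT: returns 0 only if NAME.crt chains to
# ca.crt, its public key matches NAME.key, and the expected EKU text is present.
verify_credentials() {
    v_dir=$1; v_name=$2; v_eku=$3
    openssl verify -CAfile "$v_dir/certs/ca.crt" "$v_dir/certs/$v_name.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$v_dir/certs/$v_name.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$v_dir/certs/$v_name.key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$v_dir/certs/$v_name.crt" -noout -text | grep -q "$v_eku"
}

# build_demo WORKDIR: CA, gateway credentials and one client credential.
build_demo() {
    make_ca "$1"
    issue_cert "$1" vpngw   "/O=Example VPN/CN=vpngw.example.com" gw_ext
    issue_cert "$1" client1 "/O=Example VPN/CN=client1"           client_ext
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
verify_credentials "$demo_dir" vpngw "TLS Web Server Authentication" && \
    echo "gateway credentials verified in $demo_dir/certs (vpngw.crt, vpngw.key)"
verify_credentials "$demo_dir" client1 "TLS Web Client Authentication" && \
    echo "client credentials verified in $demo_dir/certs (client1.crt, client1.key)"
```

Only vpngw.crt and vpngw.key belong on the gateway; users receive ca.crt plus, for the non-hybrid modes, their own client certificate and key. The CA private key signs certificates and nothing else, so it can stay on a separate machine.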
After the gateway credentials have been created, copy the gateway certificate (vpngw.crt) and its private key (vpngw.key) into the directory named by the "path certificate" directive in your racoon configuration file, keeping the key readable only by root. The certificate authority's public certificate (ca.crt) should be given to each user that will be connecting to the gateway. The CA private key (ca.key) must never be distributed; it is needed only to sign further certificates and does not have to be present on the gateway at all.