Some notes on a bit of "simple" IPSec

First of all, IPSec has always struck me as something that's advanced and simple getting together and making something really hard to comprehend.

There's the absolute basic of it: move packet X from A to B, securely. The concept is deceptively simple.

Then the troubles start. I've seen it go wrong so many times, for amateurs and professionals alike: when we have to set the parameters for the phases and the encryption domains, it all falls apart.

The only tricks I've found that help with this are: be patient, and do everything in writing. And still it fails often enough :-)
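
One way to put the "do everything in writing" advice to work, as an added example that is not from the original post: compare both sides' written parameter sheets before anything is configured. The field names, algorithm values and networks below are constructed for illustration.

```python
import ipaddress

# Constructed worksheets: what each admin wrote down for their own gateway.
SITE_A = {
    "phase1": {"encryption": "aes256", "hash": "sha256", "dh_group": 14, "lifetime_s": 28800},
    "phase2": {"encryption": "aes256", "hash": "sha256", "pfs_group": 14, "lifetime_s": 3600},
    "local_domains": ["10.1.0.0/16"],
    "remote_domains": ["192.168.50.0/24"],
}
SITE_B = {
    "phase1": {"encryption": "aes256", "hash": "sha256", "dh_group": 14, "lifetime_s": 28800},
    "phase2": {"encryption": "aes256", "hash": "sha1", "pfs_group": 14, "lifetime_s": 3600},
    "local_domains": ["192.168.50.0/255.255.255.0"],  # same net, netmask notation
    "remote_domains": ["10.1.1.0/24"],                # narrower than A's /16
}


def nets(cidrs):
    """Normalise notation so /24 and /255.255.255.0 compare equal."""
    return {ipaddress.ip_network(c) for c in cidrs}


def compare(a, b):
    """Return a list of mismatches; an empty list means the sheets agree."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase}.{key}: A={va} B={vb}")
    # Encryption domains must mirror: A's local is B's remote, and vice versa.
    pairs = (("A.local vs B.remote", a["local_domains"], b["remote_domains"]),
             ("B.local vs A.remote", b["local_domains"], a["remote_domains"]))
    for name, left, right in pairs:
        lhs, rhs = nets(left), nets(right)
        for net in sorted(lhs ^ rhs, key=str):
            other = rhs if net in lhs else lhs
            overlap = [str(o) for o in other if net.overlaps(o)]
            hint = f" (overlaps {', '.join(overlap)}: prefix mismatch)" if overlap else ""
            problems.append(f"{name}: {net} only on one side{hint}")
    return problems


if __name__ == "__main__":
    for line in compare(SITE_A, SITE_B):
        print("MISMATCH", line)
```
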

Shared Secrets

I've grown to enjoy openssl rand as a source for crypto keys I can defend using. Something like this usually gets me a good key:

% openssl rand -base64 42
FFR46EZbvuLiITljcdXC87rRSrjF9SxXKWmsikI3/GDJjX6b4BnH1+gm
