CentOSでIPsec (2)

VPSとRTX1200をVPN接続できたので、メモ

環境
  • LinuxServer:sakuraのVPS centos 5.5 / 2.6.18-194.8.1.el5 (グローバル:2.2.2.2 / ローカル:192.168.200.1 )
  • ルータ:YAMAHA RTX1200 ( グローバル:1.1.1.1 / ローカル:192.168.0.1 )
/etc/racoon/racoon.conf
# racoon (ipsec-tools) IKE configuration for the VPS end of the
# VPS <-> RTX1200 tunnel.  Every value inside remote{} and sainfo{} has to
# agree with what the router proposes, so change them on both sides together.
path include "/etc/racoon";
# Pre-shared keys, one "<peer> <secret>" per line (psk.txt, shown below).
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
# Switch to "log debug;" only while troubleshooting; negotiation detail then
# goes to the file given with "racoon -l".
log notify; #debug
# Phase 1 (IKE) settings for the router at 1.1.1.1.
remote 1.1.1.1 {
# "aggressive" is listed first, so it is what racoon offers as initiator.
# With a pre-shared key, main mode keeps the identity hash encrypted that
# aggressive mode sends in the clear; prefer "main" alone if the router
# negotiates it.
exchange_mode aggressive,main;
        doi ipsec_doi;
        nonce_size 16;
        # Phase 1 SA lifetime (8 h); the sainfo lifetimes below use the same value.
        lifetime time 28800 sec;
        # Send INITIAL-CONTACT so the peer discards stale SAs from an earlier run.
        initial_contact on;
        situation identity_only;
        # Both identities are the public addresses; the PSK lookup in psk.txt
        # is therefore keyed on 1.1.1.1.
        my_identifier address 2.2.2.2;
        peers_identifier address 1.1.1.1;
        # ISAKMP mode-config (remote-access address assignment).
        # NOTE(review): for a fixed site-to-site peer this is probably unused — confirm.
        mode_cfg on;
        # Lets racoon install SPD entries negotiated by the peer when it acts as
        # responder, on top of the static ones in ipsec-tools.conf.
        generate_policy on;
        # IKE payload fragmentation (large PSK/proposal payloads).
        ike_frag on;
        # passive off: this side may initiate the negotiation.
        passive off;
        support_proxy on;
        # obey: take the initiator's lifetime/PFS values instead of insisting on
        # ours.  Once both sides agree, "strict" or "claim" makes mismatches visible.
        proposal_check obey;
        proposal {
                # 3des / sha1 / modp1024 are legacy, lowest-common-denominator
                # choices.  Prefer aes / sha256 and a larger DH group
                # (modp2048 or better) on both sides if the router firmware offers them.
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
# Phase 2 (IPsec SA) for traffic between the two LAN subnets.
sainfo address 192.168.200.0/24 any address 192.168.0.0/24 any {
        # pfs_group 2 == modp1024; must equal the router's PFS group.
        pfs_group 2;
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
# Phase 2 for host-to-host traffic between the two public addresses.
# NOTE(review): presumably this is what carries the ipip tunnel packets set up
# below (outer 2.2.2.2 <-> 1.1.1.1); confirm with "setkey -D" which SA is in use.
sainfo address 2.2.2.2 any address 1.1.1.1 any {
        pfs_group 2;
        lifetime time 28800 sec;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate;
}
/etc/racoon/psk.txt
# One "<peer identifier> <secret>" per line; racoon looks the key up by the
# peers_identifier (1.1.1.1) from racoon.conf.  Replace PASSWORD with a long
# random secret and keep this file mode 0600, owned by root: racoon refuses to
# load a PSK file that is group- or other-readable.
1.1.1.1 PASSWORD
/etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# IPsec security-policy (SPD) script for the VPS side, loaded with "setkey -f".
# "flush" drops every existing SA and "spdflush" every existing policy, so a
# reload briefly interrupts the tunnel.
flush;
spdflush;
# Tunnel-mode ESP is required (not optional) for LAN-to-LAN traffic in both
# directions.  The selectors are the inner subnets; the addresses after the
# last slash are the outer tunnel endpoints, VPS (2.2.2.2) <-> router (1.1.1.1).
# NOTE(review): packets routed through the ipip device ipsec0 (set up below)
# leave with an outer 2.2.2.2 -> 1.1.1.1 header, which these inner-subnet
# selectors do not cover.  Confirm with "setkey -DP" which policy the live
# tunnel traffic actually matches.
spdadd 192.168.200.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
spdadd 192.168.0.0/24 192.168.200.0/24 any -P in ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
racoon発進!
# Flush the SAD (every live SA is dropped; "setkey -FP" would flush the SPD instead).
setkey -F
# Install the static policies.  The script itself also flushes SAD and SPD first.
setkey -f /etc/ipsec-tools.conf
# Start the IKE daemon.  The log file records peer addresses and negotiation
# state, so keep it root-readable only; raise "log notify" in racoon.conf to
# debug when this file is the place you look for failures.
racoon -l /var/log/racoon.log -f /etc/racoon/racoon.conf
インターフェイス作成
# ipip tunnel device toward the router; the inner LAN traffic rides on it and
# the IPsec policy/SA above protects what leaves toward 1.1.1.1.
iptunnel add ipsec0 mode ipip remote 1.1.1.1
# Local LAN address on this end of the tunnel.
ifconfig ipsec0 192.168.200.1 netmask 255.255.255.0
# Reach the router's LAN through the tunnel device.
route add -net 192.168.0.0/24 dev ipsec0
# NOTE(review): these are one-off commands and do not survive a reboot unless
# placed in a startup script; the "ip tunnel" / "ip addr" / "ip route"
# equivalents are the portable form on newer systems.