Communication between Pluto and the command is handled via environment variables and standard output. Pluto sets the following variables:
NONCE_I = the initiator nonce in hex format
NONCE_R = the responder nonce in hex format
HASHTYPE = the hash type, either 'OAKLEY_SHA', 'OAKLEY_MD5' or 'OAKLEY_TIGER'
THIS_ADDR = the IP address of the local end
THAT_ADDR = the IP address of the remote end
CONN_NAME = the name of the connection
The command returns its result via stdout in a single line in the format
<resulttype>=<value>, where <resulttype> is one of 'SKEYID',
'SHARED_SECRET' or 'ERROR'.
In case of 'SKEYID' Pluto will try to decode <value> using atobytes()
and use the result as skeyid.
In case of 'SHARED_SECRET' <value> may also be encoded as a quoted
ASCII string. Pluto will use the result to calculate the skeyid itself, just like with a 'normal' shared secret stored in /etc/ipsec.conf.
With 'ERROR' the command indicates that some error occurred. <value>
contains the error message.
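The exchange described above, seen from the command's side, as an added example (not the calcHMAC.pl script or any code from the patch). It assumes the IKE pre-shared-key rule from RFC 2409, SKEYID = prf(key, Ni_b | Nr_b) with HMAC as the prf, a hypothetical SECRETS table with a constructed key, and that the nonces and the returned value may carry a 0x hex prefix.

```python
import hashlib
import hmac
import os

# Constructed sample secret keyed by connection name (hypothetical store;
# a real helper would keep the key in a token or a protected file).
SECRETS = {"demo-conn": b"constructed-example-secret"}

# HASHTYPE values mapped to hashlib digests. Tiger is not available in
# hashlib, so OAKLEY_TIGER is answered with an ERROR line.
DIGESTS = {"OAKLEY_SHA": hashlib.sha1, "OAKLEY_MD5": hashlib.md5}


def parse_hex(name, value):
    """Decode a hex nonce, tolerating an optional 0x prefix (assumption)."""
    if value[:2].lower() == "0x":
        value = value[2:]
    try:
        data = bytes.fromhex(value)
    except ValueError:
        raise ValueError(f"{name} is not valid hex")
    if not data:
        raise ValueError(f"{name} is empty")
    return data


def result_line(env):
    """Build the single '<resulttype>=<value>' line written to stdout."""
    try:
        digest = DIGESTS.get(env.get("HASHTYPE", ""))
        if digest is None:
            raise ValueError("unsupported HASHTYPE")
        secret = SECRETS.get(env.get("CONN_NAME", ""))
        if secret is None:
            raise ValueError("no secret for connection")
        ni = parse_hex("NONCE_I", env.get("NONCE_I", ""))
        nr = parse_hex("NONCE_R", env.get("NONCE_R", ""))
    except ValueError as exc:
        # Fixed messages only: never echo raw input into the one-line reply.
        return f"ERROR={exc}"
    # RFC 2409 pre-shared-key mode: SKEYID = prf(key, Ni_b | Nr_b)
    skeyid = hmac.new(secret, ni + nr, digest).hexdigest()
    return "SKEYID=0x" + skeyid  # 0x prefix on the reply is an assumption


if __name__ == "__main__":
    print(result_line(os.environ))
```

Every failure path returns an 'ERROR' line rather than a partial or empty value, so the caller never receives a key derived from malformed input.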
The patch to FreeS/WAN 1.3: freeswan.exec.patch.
A small example Perl script for skeyid calculation: calcHMAC.pl.
iButton based authentication for FreeS/WAN: freeswanibutton.tgz
If you have suggestions or questions, please mail bastiaan.bakker@lifeline.nl