Overview

You will need to work with your sysadmin to get the Netscreen configured correctly using Diffie-Hellman Group 2 and a number of other options required by racoon, but it is possible. In general, the easiest thing to do is to set up a distinct policy for Macs trying to connect to the Netscreen VPN and leave the original (presumably working) policy in place for PCs using the Netscreen client.

Key Files

You will need to configure the following three files:

  1. The shared secrets file in /etc/racoon/psk.txt -- you will add one line for each Netscreen VPN appliance, and the format of each line is IP Address<tab>Shared Secret (i.e. the password)
  2. A shell script to set up the tunnels
  3. A racoon.conf file to replace the one in /etc/racoon/ -- again, you will need to replace the IP addresses supplied with your own. Note too that you will need to obtain a user_fqdn from your sysadmin.

Configuration Script

To help you with this process, I've set up a simple Perl script that you can run that will configure and deploy the racoon and tunnel scripts. The files you need are:

  1. Tempates.pm -- the file containing the templates used to set up the racoon.conf and tunnels script
  2. vpn.pl -- the script that will actually configure and run the Mac-end of the VPN
  3. Profiles.pm -- a sample VPN profile allowing you to configure multiple subnets and VPNs simultaneously using a fairly simple set of hashes and arrays

Please note that in preparing these scripts for downloading I made a few tweaks to improve the readability of my code. This *may* have broken something, in which case I humbly apologise. Send me the corrections and I'll update the scripts. I'll also try to download them and run them on my own Mac shortly.