Using Pre-Shared Keys (PSK)
How To - Openswan
Written by Christian Foronda   
Monday, 12 April 2010 10:20

You don't always have to use RSA type keys. Sometimes the VPN device at the other end of the tunnel won't support them, but will accept a simpler pre-shared key. Here is how to do it.

1.) Create the PSK using one of two methods. You can generate a random pre-shared key with the ipsec command:

	# ipsec ranbits --continuous 128

Or you can make one up yourself. Make it long (over 20 bytes), as in:

	Nonebutourselvescanfreeourminds

2.) Update /etc/ipsec.secrets by adding a line in this format at the beginning of the file:

	vpn1-ip-address vpn2-ip-address : PSK "key in quotations"

For this example the line is:

	97.158.253.25 6.25.232.6 : PSK "nonebutourselvescanfreeourminds"

3.) Update /etc/ipsec.conf:

	conn net-to-net
		authby=secret # Key exchange method
		left=97.158.253.25 # Public Internet IP address of the LEFT VPN device
		leftsubnet=172.16.1.0/24 # Subnet protected by the LEFT VPN device
		leftnexthop=%defaultroute # correct in many situations
		right=6.25.232.1 # Public Internet IP address of the RIGHT VPN device
		rightsubnet=10.0.0.0/24 # Subnet protected by the RIGHT VPN device
		rightnexthop=97.158.253.25 # correct in many situations
		auto=start # authorizes and starts this connection on booting

Remember to use the same configuration on the Linux VPN boxes at either end of the tunnel, and restart Openswan to activate the new settings. Openswan looks the PSK up by the address pair, so the two addresses on the line in /etc/ipsec.secrets must be exactly the left and right values in ipsec.conf, and /etc/ipsec.secrets should be readable by root only.
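The three steps above, carried through as an added shell example (not from the article or from Openswan itself): it generates a random PSK, appends a secrets line in the format shown, and then checks that the address pair in ipsec.secrets really matches the left/right pair of the conn in ipsec.conf, which is the usual reason a PSK tunnel fails to come up. The file names, conn block and addresses it writes are constructed samples in a temporary directory; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article: generate a PSK, append a
# matching entry to an ipsec.secrets file, and verify that the address pair
# in ipsec.secrets is the left/right pair of a conn in ipsec.conf.
# Openswan looks the PSK up by that address pair, so a mismatch means the
# key is simply not found. Paths and addresses below are constructed.
set -eu

# Random hex PSK of the requested bit length (default 128) from /dev/urandom.
# Same idea as `ipsec ranbits --continuous 128`, but needs no Openswan tools.
gen_psk() {
    bytes=$(( ${1:-128} / 8 ))
    od -An -v -tx1 -N "$bytes" /dev/urandom | tr -d ' \n'
}

# Append 'left right : PSK "key"' to a secrets file and keep it owner-only.
# Arguments: secrets-file left-address right-address key
write_secret() {
    printf '%s %s : PSK "%s"\n' "$2" "$3" "$4" >> "$1"
    chmod 600 "$1"
}

# Print the value of key= inside the named conn block of an ipsec.conf,
# ignoring indentation and trailing '#' comments.
# Arguments: conf-file conn-name key
conn_value() {
    awk -v c="$2" -v k="$3" '
        $1 == "conn" { inconn = ($2 == c); next }
        inconn && $0 ~ ("^[ \t]*" k "=") {
            sub(/#.*/, ""); sub("^[ \t]*" k "=", ""); gsub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Exit 0 if the secrets file has a PSK line for the conn's left/right pair
# (in either order), 1 otherwise.
# Arguments: conf-file secrets-file conn-name
check_psk_match() {
    l=$(conn_value "$1" "$3" left)
    r=$(conn_value "$1" "$3" right)
    [ -n "$l" ] && [ -n "$r" ] || return 1
    awk -v l="$l" -v r="$r" '
        $3 == ":" && $4 == "PSK" && (($1 == l && $2 == r) || ($1 == r && $2 == l)) { ok = 1 }
        END { exit ok ? 0 : 1 }' "$2"
}

# Constructed sample ipsec.conf (documentation addresses) and an empty
# secrets file in the given directory, for the demonstration below.
make_samples() {
    cat > "$1/ipsec.conf" <<'EOF'
conn net-to-net
    authby=secret     # Key exchange method
    left=192.0.2.10
    leftsubnet=172.16.1.0/24
    right=198.51.100.20
    rightsubnet=10.0.0.0/24
    auto=start
EOF
    : > "$1/ipsec.secrets"
}

# Demonstration: generate a key, write the entry, confirm the pair matches.
dir=$(mktemp -d)
make_samples "$dir"
psk=$(gen_psk 128)
write_secret "$dir/ipsec.secrets" 192.0.2.10 198.51.100.20 "$psk"
if check_psk_match "$dir/ipsec.conf" "$dir/ipsec.secrets" net-to-net; then
    echo "PSK entry in $dir/ipsec.secrets matches conn net-to-net"
else
    echo "no PSK entry for the left/right pair of conn net-to-net" >&2
fi
```

Run it as root only if you point it at the real /etc/ipsec.conf and /etc/ipsec.secrets; as written it works entirely inside the temporary directory. The check deliberately accepts the two addresses in either order, since Openswan matches the pair that way, but it does not try to resolve %any or hostnames.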


Reference:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs

Last Updated on Monday, 12 April 2010 10:28