A much better idea than using a single preshared secret (a "password") is to use PublicKeyEncryption on your secrets, and IPSec supports the RSA algorithm for doing so.
In your configuration file, you specify
authby=rsasig
to authenticate with RSA signatures.
Then you specify each end's RSA public key with
leftrsasigkey=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF...
rightrsasigkey=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF...
in your connection blocks.
I'll flesh this out later.
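One way to check that every connection block really uses RSA signatures rather than a preshared secret (an added example, not part of the original page). It assumes the FreeS/WAN-style ipsec.conf layout and parameter spelling (authby, leftrsasigkey, rightrsasigkey); the sample configuration and its key values are constructed placeholders.

```python
# Added example: audit ipsec.conf text for conns not fully set up for RSA signature auth.
SAMPLE_CONF = """\
conn %default
    authby=secret
conn office-psk
    left=192.0.2.1
    right=198.51.100.1
conn office-rsa
    authby=rsasig
    leftrsasigkey=0sAQEXAMPLEONLY
    rightrsasigkey=0sAQEXAMPLEONLY
conn half-done
    authby=rsasig
    leftrsasigkey=0sAQEXAMPLEONLY
"""

def parse_conns(text):
    """Return {conn_name: {param: value}}, with 'conn %default' merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line: # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **params} for name, params in conns.items()}

def audit(text):
    """Return {conn_name: problem}; an unset authby is reported as well."""
    findings = {}
    for name, p in parse_conns(text).items():
        if p.get("authby") != "rsasig":
            findings[name] = "authby is %r, not rsasig" % p.get("authby")
        else:
            missing = [k for k in ("leftrsasigkey", "rightrsasigkey") if k not in p]
            if missing:
                findings[name] = "missing " + ", ".join(missing)
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_CONF).items():
        print(name + ": " + problem)
```

The office-psk block is flagged because it inherits authby=secret from conn %default, which is easy to miss when reading a configuration by eye.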