Subject: IPSec habits
To: None <netbsd-users@netbsd.org>
From: Jim Breton <jamesb-netbsd@alongtheway.com>
List: netbsd-users
Date: 06/18/2002 00:11:25

Simple question: what's the recommended method of initializing an IPSec
connection between hosts without always using the same pre-shared key?

What I have been doing is the following:

1. Initialize it with a (static, manually-generated) pre-shared key on
   boot;
2. Start up racoon to manage the keys thereafter.

Is there some way I should be automatically changing the pre-shared key
(which should only be used at boot, but I would prefer to change it on a
regular basis rather than keep re-using it)? I would have no problem
scripting it to generate a new key from a cron job and replace the
string in /etc/ipsec.conf but if there is a better way I'd just like to
know about it.

Thanks.