Step 2: generate certificates with openssl

Certificates usually need to be generated on the host machine, since the router usually doesn't have enough randomness to generate them easily. I use the Debian package, and I assume there is a RedHat package. Here is a link to a document describing how to compile it from source.

If you do not want to use certificates (you only wish to use preshared keys), you may skip to Step 4.

Make a new certificate authority

# mkdir -p demoCA/private; mkdir -p demoCA/newcerts;
# touch demoCA/index.txt; echo 01 >> demoCA/serial; chmod -R 700 demoCA
# openssl req -x509 -days 3650 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem
# openssl ca -gencrl -out crl.pem

Make your ipsec server certificate

# openssl req -newkey rsa:2048 -keyout serverKey.pem -out serverReq.pem
# openssl ca -policy policy_anything -in serverReq.pem -days 1825 -out serverCert.pem -notext
# openssl x509 -in serverCert.pem -outform DER -out x509cert.der
# fswcert -k serverKey.pem > ipsec.secrets

Make your client certificates

# openssl req -newkey rsa:2048 -keyout clientKey.pem -out clientReq.pem
# openssl ca -policy policy_anything -in clientReq.pem -days 1825 -out clientCert.pem -notext
# openssl pkcs12 -export -inkey clientKey.pem -in clientCert.pem -certfile demoCA/cacert.pem -out clientCert.p12

Put all of this onto your Bering floppy or compact flash card, unmount it, and boot it.