[strongSwan-dev] Configuration problem for ikev2
wei.you at orange-ftgroup.com
wei.you at orange-ftgroup.com
Tue Jun 29 11:12:58 CEST 2010
Hello,
We are engineers of the Orange Labs, and now we are doing some test for
the ikev2 in the Strongswan environment, we aim to configure the ipsec
like:
DH = 1536-bit MODP Group
PRF = PRF_HMAC_SHA1
ID = ID_KEY_ID
AUTH = RSA Digital Signature
ESP_ENCR = ENCR_AES_CBC or NULL
ESP_AUTH = AUTH_HMAC_SHA1_96 or NULL
We now arrived to configure the ipsec.conf with these parameters like:
-- conn <>
auth = esp
authby = rsasig
ike = modp1536
keyexchange = ikev2
esp = aes128|aes192|aes256|null (for encryption)
esp = sha1|sha (for authentication )
But we still have some problem following:
1, for the ESP_ENCRE and the ESP_AUTH, how can we put the both values
"aes128"(for ESP_ENCRE) and the "sha1"(for ESP_AUTH) to the single "esp"
parameter in the ipsec.conf?
2, we didn't find the right parameters for the "PRF" and the "ID", so do
you have any idea that how we can configure these parameters? Or is
there any document where we can find out some complete description of
the configuration?
Thank you
Orange Labs
Equip MAPS/STT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100629/21c26798/attachment.html>
More information about the Dev
mailing list