[strongSwan-dev] Configuration problem for ikev2

Marius Tomaschewski mt at suse.de
Tue Jun 29 11:40:37 CEST 2010

Am Dienstag, 29. Juni 2010 11:12:58 schrieb wei.you at orange-ftgroup.com:
> Hello,
> 1, for the ESP_ENCRE and the ESP_AUTH, how can we put the both values
> "aes128"(for ESP_ENCRE) and the "sha1"(for ESP_AUTH) to the single "esp"
> parameter in the ipsec.conf?

ipsec.conf(5) defines the format:

       esp           ESP encryption/authentication algorithm to  be  used  for
                     the connection, e.g.  3des-md5 (encryption-integrity-[dh-
                     group]). If dh-group is  specified,  CHILD_SA  setup  and
                     rekeying include a separate diffe hellman exchange (IKEv2

I'd say "esp=aes256-sha1-modp1536!" (the "!" is AFAIK to enforce it).

See also Examples/Test-Cases (http://www.strongswan.org/uml/testresults44/),
e.g.: http://www.strongswan.org/uml/testresults44/ikev2/alg-sha256/

Gruesse / Regards,
 Marius Tomaschewski <mt at suse.de> <mt at novell.com>
 Server Technologies Team, SUSE LINUX Products GmbH,
 Nuernberg; GF: Markus Rex; HRB 16746 (AG Nuernberg)
 GPG/PGP public key fingerprint:
 DF17 271A AD15 006A 5BB9   6C96 CA2F F3F7 373A 1CC0

More information about the Dev mailing list