[strongSwan-dev] Configuration problem for ikev2
Marius Tomaschewski
mt at suse.de
Tue Jun 29 11:40:37 CEST 2010
Am Dienstag, 29. Juni 2010 11:12:58 schrieb wei.you at orange-ftgroup.com:
> Hello,
> 1, for the ESP_ENCRE and the ESP_AUTH, how can we put the both values
> "aes128"(for ESP_ENCRE) and the "sha1"(for ESP_AUTH) to the single "esp"
> parameter in the ipsec.conf?
ipsec.conf(5) defines the format:
esp ESP encryption/authentication algorithm to be used for
the connection, e.g. 3des-md5 (encryption-integrity-[dh-
group]). If dh-group is specified, CHILD_SA setup and
rekeying include a separate diffe hellman exchange (IKEv2
only).
I'd say "esp=aes256-sha1-modp1536!" (the "!" is AFAIK to enforce it).
See also Examples/Test-Cases (http://www.strongswan.org/uml/testresults44/),
e.g.: http://www.strongswan.org/uml/testresults44/ikev2/alg-sha256/
Gruesse / Regards,
Marius Tomaschewski <mt at suse.de> <mt at novell.com>
--
Server Technologies Team, SUSE LINUX Products GmbH,
Nuernberg; GF: Markus Rex; HRB 16746 (AG Nuernberg)
GPG/PGP public key fingerprint:
DF17 271A AD15 006A 5BB9 6C96 CA2F F3F7 373A 1CC0
More information about the Dev
mailing list