[strongSwan-dev] IKEv2 Proposal Limits StrongSwan v5.4.0

James Hulka jah at open.ch
Fri Jul 15 13:34:46 CEST 2016


Hello Tobias,

please find my answers inline.

Best Regards,

James

On 15/07/16 12:02, Tobias Brunner wrote:
> Hi James,
>
>> are you aware of any limit on the number of IKEv2 IKE and ESP proposals that
>> StrongSwan v5.4.0 can support?
> Each proposal has a number assigned within the SA payload, which is
> stored in an 8-bit field.  Starting with 1 this theoretically limits the
> number of proposals to 255.  But the daemon actually does not enforce
> this, so if you configure more they just get the same number assigned as
> a previous proposal (the number is just truncated to 8-bit).  However,
> such an SA payload would then fail verification on the responder (the
> daemon verifies that the proposals are numbered consecutively).  The
> number of transforms (algorithms) per proposal is also stored in an
> 8-bit field, so that's limited too (but also not enforced, so this could
> fail miserably as e.g. adding 256 transforms would result in the number
> getting set to 0).
Yes, this makes sense. Interestingly, with StrongSwan v5.4.0 we had the
following error message if we had more than 255 proposals configured:

> ipsec up test_1
no config named ’test_1’

>> Testing with v5.0.3 we were able to use up to 10000 proposals.
> Seems strange.  How exactly did you test this?  Could you provide some
> test configs?  Why would you have such a high number of proposals anyway?
We were testing the cross product of different sets (rather large sets)
of algorithms to see if it would be possible to establish connections
with a variety of third party peers without having to tweak this part of
the configuration too much (I have attached an example configuration
ikev2.conf).

> Regards,
> Tobias
>
-------------- next part --------------
conn test_1
    type=tunnel
    auto=route
    keyexchange=ikev2
    ike=aes256-sha512-modp8192,aes256-sha512,aes256-sha512-modp6144,aes256-sha512,aes256-sha512-modp4096,aes256-sha512,aes256-sha512-modp3072,aes256-sha512,aes256-sha512-modp2048,aes256-sha512,aes256-sha512-modp1536,aes256-sha512,aes256-sha512-modp1024,aes256-sha512,aes256-sha384-modp8192,aes256-sha384,aes256-sha384-modp6144,aes256-sha384,aes256-sha384-modp4096,aes256-sha384,aes256-sha384-modp3072,aes256-sha384,aes256-sha384-modp2048,aes256-sha384,aes256-sha384-modp1536,aes256-sha384,aes256-sha384-modp1024,aes256-sha384,aes256-sha256-modp8192,aes256-sha256,aes256-sha256-modp6144,aes256-sha256,aes256-sha256-modp4096,aes256-sha256,aes256-sha256-modp3072,aes256-sha256,aes256-sha256-modp2048,aes256-sha256,aes256-sha256-modp1536,aes256-sha256,aes256-sha256-modp1024,aes256-sha256,aes256-aesxcbc-modp8192,aes256-aesxcbc,aes256-aesxcbc-modp6144,aes256-aesxcbc,aes256-aesxcbc-modp4096,aes256-aesxcbc,aes256-aesxcbc-modp3072,aes256-aesxcbc,aes256-aesxcbc-modp2048,aes256-aesxcbc,aes256-aesxcbc-modp1536,aes256-aesxcbc,aes256-aesxcbc-modp1024,aes256-aesxcbc,aes256-sha1-modp8192,aes256-sha1,aes256-sha1-modp6144,aes256-sha1,aes256-sha1-modp4096,aes256-sha1,aes256-sha1-modp3072,aes256-sha1,aes256-sha1-modp2048,aes256-sha1,aes256-sha1-modp1536,aes256-sha1,aes256-sha1-modp1024,aes256-sha1,aes256-sha-modp8192,aes256-sha,aes256-sha-modp6144,aes256-sha,aes256-sha-modp4096,aes256-sha,aes256-sha-modp3072,aes256-sha,aes256-sha-modp2048,aes256-sha,aes256-sha-modp1536,aes256-sha,aes256-sha-modp1024,aes256-sha,aes256-md5-modp8192,aes256-md5,aes256-md5-modp6144,aes256-md5,aes256-md5-modp4096,aes256-md5,aes256-md5-modp3072,aes256-md5,aes256-md5-modp2048,aes256-md5,aes256-md5-modp1536,aes256-md5,aes256-md5-modp1024,aes256-md5,aes192-sha512-modp8192,aes192-sha512,aes192-sha512-modp6144,aes192-sha512,aes192-sha512-modp4096,aes192-sha512,aes192-sha512-modp3072,aes192-sha512,aes192-sha512-modp2048,aes192-sha512,aes192-sha512-modp1536,aes192-sha512,aes192-sha512-modp1024,aes192-sha512,aes192-sha384-modp
8192,aes192-sha384,aes192-sha384-modp6144,aes192-sha384,aes192-sha384-modp4096,aes192-sha384,aes192-sha384-modp3072,aes192-sha384,aes192-sha384-modp2048,aes192-sha384,aes192-sha384-modp1536,aes192-sha384,aes192-sha384-modp1024,aes192-sha384,aes192-sha256-modp8192,aes192-sha256,aes192-sha256-modp6144,aes192-sha256,aes192-sha256-modp4096,aes192-sha256,aes192-sha256-modp3072,aes192-sha256,aes192-sha256-modp2048,aes192-sha256,aes192-sha256-modp1536,aes192-sha256,aes192-sha256-modp1024,aes192-sha256,aes192-aesxcbc-modp8192,aes192-aesxcbc,aes192-aesxcbc-modp6144,aes192-aesxcbc,aes192-aesxcbc-modp4096,aes192-aesxcbc,aes192-aesxcbc-modp3072,aes192-aesxcbc,aes192-aesxcbc-modp2048,aes192-aesxcbc,aes192-aesxcbc-modp1536,aes192-aesxcbc,aes192-aesxcbc-modp1024,aes192-aesxcbc,aes192-sha1-modp8192,aes192-sha1,aes192-sha1-modp6144,aes192-sha1,aes192-sha1-modp4096,aes192-sha1,aes192-sha1-modp3072,aes192-sha1,aes192-sha1-modp2048,aes192-sha1,aes192-sha1-modp1536,aes192-sha1,aes192-sha1-modp1024,aes192-sha1,aes192-sha-modp8192,aes192-sha,aes192-sha-modp6144,aes192-sha,aes192-sha-modp4096,aes192-sha,aes192-sha-modp3072,aes192-sha,aes192-sha-modp2048,aes192-sha,aes192-sha-modp1536,aes192-sha,aes192-sha-modp1024,aes192-sha,aes192-md5-modp8192,aes192-md5,aes192-md5-modp6144,aes192-md5,aes192-md5-modp4096,aes192-md5,aes192-md5-modp3072,aes192-md5,aes192-md5-modp2048,aes192-md5,aes192-md5-modp1536,aes192-md5,aes192-md5-modp1024,aes192-md5,aes128-sha512-modp8192,aes128-sha512,aes128-sha512-modp6144,aes128-sha512,aes128-sha512-modp4096,aes128-sha512,aes128-sha512-modp3072,aes128-sha512,aes128-sha512-modp2048,aes128-sha512,aes128-sha512-modp1536,aes128-sha512,aes128-sha512-modp1024,aes128-sha512,aes128-sha384-modp8192,aes128-sha384,aes128-sha384-modp6144,aes128-sha384,aes128-sha384-modp4096,aes128-sha384,aes128-sha384-modp3072,aes128-sha384,aes128-sha384-modp2048,aes128-sha384,aes128-sha384-modp1536,aes128-sha384,aes128-sha384-modp1024,aes128-sha384,aes128-sha256-modp8192,aes128-sha256,aes128-
sha256-modp6144,aes128-sha256,aes128-sha256-modp4096,aes128-sha256,aes128-sha256-modp3072,aes128-sha256,aes128-sha256-modp2048,aes128-sha256,aes128-sha256-modp1536,aes128-sha256,aes128-sha256-modp1024,aes128-sha256,aes128-aesxcbc-modp8192,aes128-aesxcbc,aes128-aesxcbc-modp6144,aes128-aesxcbc,aes128-aesxcbc-modp4096,aes128-aesxcbc,aes128-aesxcbc-modp3072,aes128-aesxcbc,aes128-aesxcbc-modp2048,aes128-aesxcbc,aes128-aesxcbc-modp1536,aes128-aesxcbc,aes128-aesxcbc-modp1024,aes128-aesxcbc,aes128-sha1-modp8192,aes128-sha1,aes128-sha1-modp6144,aes128-sha1,aes128-sha1-modp4096,aes128-sha1,aes128-sha1-modp3072,aes128-sha1,aes128-sha1-modp2048,aes128-sha1,aes128-sha1-modp1536,aes128-sha1,aes128-sha1-modp1024,aes128-sha1,aes128-sha-modp8192,aes128-sha,aes128-sha-modp6144,aes128-sha,aes128-sha-modp4096,aes128-sha,aes128-sha-modp3072,aes128-sha,aes128-sha-modp2048,aes128-sha,aes128-sha-modp1536,aes128-sha,aes128-sha-modp1024,aes128-sha,aes128-md5-modp8192,aes128-md5,aes128-md5-modp6144,aes128-md5,aes128-md5-modp4096,aes128-md5,aes128-md5-modp3072,aes128-md5,aes128-md5-modp2048,aes128-md5,aes128-md5-modp1536,aes128-md5,aes128-md5-modp1024,aes128-md5,3des-sha512-modp8192,3des-sha512,3des-sha512-modp6144,3des-sha512,3des-sha512-modp4096,3des-sha512,3des-sha512-modp3072,3des-sha512,3des-sha512-modp2048,3des-sha512,3des-sha512-modp1536,3des-sha512,3des-sha512-modp1024,3des-sha512,3des-sha384-modp8192,3des-sha384,3des-sha384-modp6144,3des-sha384,3des-sha384-modp4096,3des-sha384,3des-sha384-modp3072,3des-sha384,3des-sha384-modp2048,3des-sha384,3des-sha384-modp1536,3des-sha384,3des-sha384-modp1024,3des-sha384,3des-sha256-modp8192,3des-sha256,3des-sha256-modp6144,3des-sha256,3des-sha256-modp4096,3des-sha256,3des-sha256-modp3072,3des-sha256,3des-sha256-modp2048,3des-sha256,3des-sha256-modp1536,3des-sha256,3des-sha256-modp1024,3des-sha256,3des-aesxcbc-modp8192,3des-aesxcbc,3des-aesxcbc-modp6144,3des-aesxcbc,3des-aesxcbc-modp4096,3des-aesxcbc,3des-aesxcbc-modp3072,3des-aesxcbc,3des-aesxcbc-m
odp2048,3des-aesxcbc,3des-aesxcbc-modp1536,3des-aesxcbc,3des-aesxcbc-modp1024,3des-aesxcbc,3des-sha1-modp8192,3des-sha1,3des-sha1-modp6144,3des-sha1,3des-sha1-modp4096,3des-sha1,3des-sha1-modp3072,3des-sha1,3des-sha1-modp2048,3des-sha1,3des-sha1-modp1536,3des-sha1,3des-sha1-modp1024,3des-sha1,3des-sha-modp8192,3des-sha,3des-sha-modp6144,3des-sha,3des-sha-modp4096,3des-sha,3des-sha-modp3072,3des-sha,3des-sha-modp2048,3des-sha,3des-sha-modp1536,3des-sha,3des-sha-modp1024,3des-sha,3des-md5-modp8192,3des-md5,3des-md5-modp6144,3des-md5,3des-md5-modp4096,3des-md5,3des-md5-modp3072,3des-md5,3des-md5-modp2048,3des-md5,3des-md5-modp1536,3des-md5,3des-md5-modp1024,3des-md5,null-sha512-modp8192,null-sha512,null-sha512-modp6144,null-sha512,null-sha512-modp4096,null-sha512,null-sha512-modp3072,null-sha512,null-sha512-modp2048,null-sha512,null-sha512-modp1536,null-sha512,null-sha512-modp1024,null-sha512,null-sha384-modp8192,null-sha384,null-sha384-modp6144,null-sha384,null-sha384-modp4096,null-sha384,null-sha384-modp3072,null-sha384,null-sha384-modp2048,null-sha384,null-sha384-modp1536,null-sha384,null-sha384-modp1024,null-sha384,null-sha256-modp8192,null-sha256,null-sha256-modp6144,null-sha256,null-sha256-modp4096,null-sha256,null-sha256-modp3072,null-sha256,null-sha256-modp2048,null-sha256,null-sha256-modp1536,null-sha256,null-sha256-modp1024,null-sha256,null-aesxcbc-modp8192,null-aesxcbc,null-aesxcbc-modp6144,null-aesxcbc,null-aesxcbc-modp4096,null-aesxcbc,null-aesxcbc-modp3072,null-aesxcbc,null-aesxcbc-modp2048,null-aesxcbc,null-aesxcbc-modp1536,null-aesxcbc,null-aesxcbc-modp1024,null-aesxcbc,null-sha1-modp8192,null-sha1,null-sha1-modp6144,null-sha1,null-sha1-modp4096,null-sha1,null-sha1-modp3072,null-sha1,null-sha1-modp2048,null-sha1,null-sha1-modp1536,null-sha1,null-sha1-modp1024,null-sha1,null-sha-modp8192,null-sha,null-sha-modp6144,null-sha,null-sha-modp4096,null-sha,null-sha-modp3072,null-sha,null-sha-modp2048,null-sha,null-sha-modp1536,null-sha,null-sha-modp1024,null-sh
a,null-md5-modp8192,null-md5,null-md5-modp6144,null-md5,null-md5-modp4096,null-md5,null-md5-modp3072,null-md5,null-md5-modp2048,null-md5,null-md5-modp1536,null-md5,null-md5-modp1024,null-md5!
    esp=aes256-sha512-modp8192,aes256-sha512,aes256-sha512-modp6144,aes256-sha512,aes256-sha512-modp4096,aes256-sha512,aes256-sha512-modp3072,aes256-sha512,aes256-sha512-modp2048,aes256-sha512,aes256-sha512-modp1536,aes256-sha512,aes256-sha512-modp1024,aes256-sha512,aes256-sha384-modp8192,aes256-sha384,aes256-sha384-modp6144,aes256-sha384,aes256-sha384-modp4096,aes256-sha384,aes256-sha384-modp3072,aes256-sha384,aes256-sha384-modp2048,aes256-sha384,aes256-sha384-modp1536,aes256-sha384,aes256-sha384-modp1024,aes256-sha384,aes256-sha256-modp8192,aes256-sha256,aes256-sha256-modp6144,aes256-sha256,aes256-sha256-modp4096,aes256-sha256,aes256-sha256-modp3072,aes256-sha256,aes256-sha256-modp2048,aes256-sha256,aes256-sha256-modp1536,aes256-sha256,aes256-sha256-modp1024,aes256-sha256,aes256-aes256gmac-modp8192,aes256-aes256gmac,aes256-aes256gmac-modp6144,aes256-aes256gmac,aes256-aes256gmac-modp4096,aes256-aes256gmac,aes256-aes256gmac-modp3072,aes256-aes256gmac,aes256-aes256gmac-modp2048,aes256-aes256gmac,aes256-aes256gmac-modp1536,aes256-aes256gmac,aes256-aes256gmac-modp1024,aes256-aes256gmac,aes256-aes192gmac-modp8192,aes256-aes192gmac,aes256-aes192gmac-modp6144,aes256-aes192gmac,aes256-aes192gmac-modp4096,aes256-aes192gmac,aes256-aes192gmac-modp3072,aes256-aes192gmac,aes256-aes192gmac-modp2048,aes256-aes192gmac,aes256-aes192gmac-modp1536,aes256-aes192gmac,aes256-aes192gmac-modp1024,aes256-aes192gmac,aes256-aes128gmac-modp8192,aes256-aes128gmac,aes256-aes128gmac-modp6144,aes256-aes128gmac,aes256-aes128gmac-modp4096,aes256-aes128gmac,aes256-aes128gmac-modp3072,aes256-aes128gmac,aes256-aes128gmac-modp2048,aes256-aes128gmac,aes256-aes128gmac-modp1536,aes256-aes128gmac,aes256-aes128gmac-modp1024,aes256-aes128gmac,aes256-aesxcbc-modp8192,aes256-aesxcbc,aes256-aesxcbc-modp6144,aes256-aesxcbc,aes256-aesxcbc-modp4096,aes256-aesxcbc,aes256-aesxcbc-modp3072,aes256-aesxcbc,aes256-aesxcbc-modp2048,aes256-aesxcbc,aes256-aesxcbc-modp1536,aes256-aesxcbc,aes256-aesxcbc-modp1024,aes256-aesxc
bc,aes256-sha-modp8192,aes256-sha,aes256-sha-modp6144,aes256-sha,aes256-sha-modp4096,aes256-sha,aes256-sha-modp3072,aes256-sha,aes256-sha-modp2048,aes256-sha,aes256-sha-modp1536,aes256-sha,aes256-sha-modp1024,aes256-sha,aes256-sha1-modp8192,aes256-sha1,aes256-sha1-modp6144,aes256-sha1,aes256-sha1-modp4096,aes256-sha1,aes256-sha1-modp3072,aes256-sha1,aes256-sha1-modp2048,aes256-sha1,aes256-sha1-modp1536,aes256-sha1,aes256-sha1-modp1024,aes256-sha1,aes256-md5_128-modp8192,aes256-md5_128,aes256-md5_128-modp6144,aes256-md5_128,aes256-md5_128-modp4096,aes256-md5_128,aes256-md5_128-modp3072,aes256-md5_128,aes256-md5_128-modp2048,aes256-md5_128,aes256-md5_128-modp1536,aes256-md5_128,aes256-md5_128-modp1024,aes256-md5_128,aes256-md5-modp8192,aes256-md5,aes256-md5-modp6144,aes256-md5,aes256-md5-modp4096,aes256-md5,aes256-md5-modp3072,aes256-md5,aes256-md5-modp2048,aes256-md5,aes256-md5-modp1536,aes256-md5,aes256-md5-modp1024,aes256-md5,aes192-sha512-modp8192,aes192-sha512,aes192-sha512-modp6144,aes192-sha512,aes192-sha512-modp4096,aes192-sha512,aes192-sha512-modp3072,aes192-sha512,aes192-sha512-modp2048,aes192-sha512,aes192-sha512-modp1536,aes192-sha512,aes192-sha512-modp1024,aes192-sha512,aes192-sha384-modp8192,aes192-sha384,aes192-sha384-modp6144,aes192-sha384,aes192-sha384-modp4096,aes192-sha384,aes192-sha384-modp3072,aes192-sha384,aes192-sha384-modp2048,aes192-sha384,aes192-sha384-modp1536,aes192-sha384,aes192-sha384-modp1024,aes192-sha384,aes192-sha256-modp8192,aes192-sha256,aes192-sha256-modp6144,aes192-sha256,aes192-sha256-modp4096,aes192-sha256,aes192-sha256-modp3072,aes192-sha256,aes192-sha256-modp2048,aes192-sha256,aes192-sha256-modp1536,aes192-sha256,aes192-sha256-modp1024,aes192-sha256,aes192-aes256gmac-modp8192,aes192-aes256gmac,aes192-aes256gmac-modp6144,aes192-aes256gmac,aes192-aes256gmac-modp4096,aes192-aes256gmac,aes192-aes256gmac-modp3072,aes192-aes256gmac,aes192-aes256gmac-modp2048,aes192-aes256gmac,aes192-aes256gmac-modp1536,aes192-aes256gmac,aes192-aes25
6gmac-modp1024,aes192-aes256gmac,aes192-aes192gmac-modp8192,aes192-aes192gmac,aes192-aes192gmac-modp6144,aes192-aes192gmac,aes192-aes192gmac-modp4096,aes192-aes192gmac,aes192-aes192gmac-modp3072,aes192-aes192gmac,aes192-aes192gmac-modp2048,aes192-aes192gmac,aes192-aes192gmac-modp1536,aes192-aes192gmac,aes192-aes192gmac-modp1024,aes192-aes192gmac,aes192-aes128gmac-modp8192,aes192-aes128gmac,aes192-aes128gmac-modp6144,aes192-aes128gmac,aes192-aes128gmac-modp4096,aes192-aes128gmac,aes192-aes128gmac-modp3072,aes192-aes128gmac,aes192-aes128gmac-modp2048,aes192-aes128gmac,aes192-aes128gmac-modp1536,aes192-aes128gmac,aes192-aes128gmac-modp1024,aes192-aes128gmac,aes192-aesxcbc-modp8192,aes192-aesxcbc,aes192-aesxcbc-modp6144,aes192-aesxcbc,aes192-aesxcbc-modp4096,aes192-aesxcbc,aes192-aesxcbc-modp3072,aes192-aesxcbc,aes192-aesxcbc-modp2048,aes192-aesxcbc,aes192-aesxcbc-modp1536,aes192-aesxcbc,aes192-aesxcbc-modp1024,aes192-aesxcbc,aes192-sha-modp8192,aes192-sha,aes192-sha-modp6144,aes192-sha,aes192-sha-modp4096,aes192-sha,aes192-sha-modp3072,aes192-sha,aes192-sha-modp2048,aes192-sha,aes192-sha-modp1536,aes192-sha,aes192-sha-modp1024,aes192-sha,aes192-sha1-modp8192,aes192-sha1,aes192-sha1-modp6144,aes192-sha1,aes192-sha1-modp4096,aes192-sha1,aes192-sha1-modp3072,aes192-sha1,aes192-sha1-modp2048,aes192-sha1,aes192-sha1-modp1536,aes192-sha1,aes192-sha1-modp1024,aes192-sha1,aes192-md5_128-modp8192,aes192-md5_128,aes192-md5_128-modp6144,aes192-md5_128,aes192-md5_128-modp4096,aes192-md5_128,aes192-md5_128-modp3072,aes192-md5_128,aes192-md5_128-modp2048,aes192-md5_128,aes192-md5_128-modp1536,aes192-md5_128,aes192-md5_128-modp1024,aes192-md5_128,aes192-md5-modp8192,aes192-md5,aes192-md5-modp6144,aes192-md5,aes192-md5-modp4096,aes192-md5,aes192-md5-modp3072,aes192-md5,aes192-md5-modp2048,aes192-md5,aes192-md5-modp1536,aes192-md5,aes192-md5-modp1024,aes192-md5,aes128-sha512-modp8192,aes128-sha512,aes128-sha512-modp6144,aes128-sha512,aes128-sha512-modp4096,aes128-sha512,aes128-sha512-m
odp3072,aes128-sha512,aes128-sha512-modp2048,aes128-sha512,aes128-sha512-modp1536,aes128-sha512,aes128-sha512-modp1024,aes128-sha512,aes128-sha384-modp8192,aes128-sha384,aes128-sha384-modp6144,aes128-sha384,aes128-sha384-modp4096,aes128-sha384,aes128-sha384-modp3072,aes128-sha384,aes128-sha384-modp2048,aes128-sha384,aes128-sha384-modp1536,aes128-sha384,aes128-sha384-modp1024,aes128-sha384,aes128-sha256-modp8192,aes128-sha256,aes128-sha256-modp6144,aes128-sha256,aes128-sha256-modp4096,aes128-sha256,aes128-sha256-modp3072,aes128-sha256,aes128-sha256-modp2048,aes128-sha256,aes128-sha256-modp1536,aes128-sha256,aes128-sha256-modp1024,aes128-sha256,aes128-aes256gmac-modp8192,aes128-aes256gmac,aes128-aes256gmac-modp6144,aes128-aes256gmac,aes128-aes256gmac-modp4096,aes128-aes256gmac,aes128-aes256gmac-modp3072,aes128-aes256gmac,aes128-aes256gmac-modp2048,aes128-aes256gmac,aes128-aes256gmac-modp1536,aes128-aes256gmac,aes128-aes256gmac-modp1024,aes128-aes256gmac,aes128-aes192gmac-modp8192,aes128-aes192gmac,aes128-aes192gmac-modp6144,aes128-aes192gmac,aes128-aes192gmac-modp4096,aes128-aes192gmac,aes128-aes192gmac-modp3072,aes128-aes192gmac,aes128-aes192gmac-modp2048,aes128-aes192gmac,aes128-aes192gmac-modp1536,aes128-aes192gmac,aes128-aes192gmac-modp1024,aes128-aes192gmac,aes128-aes128gmac-modp8192,aes128-aes128gmac,aes128-aes128gmac-modp6144,aes128-aes128gmac,aes128-aes128gmac-modp4096,aes128-aes128gmac,aes128-aes128gmac-modp3072,aes128-aes128gmac,aes128-aes128gmac-modp2048,aes128-aes128gmac,aes128-aes128gmac-modp1536,aes128-aes128gmac,aes128-aes128gmac-modp1024,aes128-aes128gmac,aes128-aesxcbc-modp8192,aes128-aesxcbc,aes128-aesxcbc-modp6144,aes128-aesxcbc,aes128-aesxcbc-modp4096,aes128-aesxcbc,aes128-aesxcbc-modp3072,aes128-aesxcbc,aes128-aesxcbc-modp2048,aes128-aesxcbc,aes128-aesxcbc-modp1536,aes128-aesxcbc,aes128-aesxcbc-modp1024,aes128-aesxcbc,aes128-sha-modp8192,aes128-sha,aes128-sha-modp6144,aes128-sha,aes128-sha-modp4096,aes128-sha,aes128-sha-modp3072,aes128-sha,aes128-
sha-modp2048,aes128-sha,aes128-sha-modp1536,aes128-sha,aes128-sha-modp1024,aes128-sha,aes128-sha1-modp8192,aes128-sha1,aes128-sha1-modp6144,aes128-sha1,aes128-sha1-modp4096,aes128-sha1,aes128-sha1-modp3072,aes128-sha1,aes128-sha1-modp2048,aes128-sha1,aes128-sha1-modp1536,aes128-sha1,aes128-sha1-modp1024,aes128-sha1,aes128-md5_128-modp8192,aes128-md5_128,aes128-md5_128-modp6144,aes128-md5_128,aes128-md5_128-modp4096,aes128-md5_128,aes128-md5_128-modp3072,aes128-md5_128,aes128-md5_128-modp2048,aes128-md5_128,aes128-md5_128-modp1536,aes128-md5_128,aes128-md5_128-modp1024,aes128-md5_128,aes128-md5-modp8192,aes128-md5,aes128-md5-modp6144,aes128-md5,aes128-md5-modp4096,aes128-md5,aes128-md5-modp3072,aes128-md5,aes128-md5-modp2048,aes128-md5,aes128-md5-modp1536,aes128-md5,aes128-md5-modp1024,aes128-md5,3des-sha512-modp8192,3des-sha512,3des-sha512-modp6144,3des-sha512,3des-sha512-modp4096,3des-sha512,3des-sha512-modp3072,3des-sha512,3des-sha512-modp2048,3des-sha512,3des-sha512-modp1536,3des-sha512,3des-sha512-modp1024,3des-sha512,3des-sha384-modp8192,3des-sha384,3des-sha384-modp6144,3des-sha384,3des-sha384-modp4096,3des-sha384,3des-sha384-modp3072,3des-sha384,3des-sha384-modp2048,3des-sha384,3des-sha384-modp1536,3des-sha384,3des-sha384-modp1024,3des-sha384,3des-sha256-modp8192,3des-sha256,3des-sha256-modp6144,3des-sha256,3des-sha256-modp4096,3des-sha256,3des-sha256-modp3072,3des-sha256,3des-sha256-modp2048,3des-sha256,3des-sha256-modp1536,3des-sha256,3des-sha256-modp1024,3des-sha256,3des-aes256gmac-modp8192,3des-aes256gmac,3des-aes256gmac-modp6144,3des-aes256gmac,3des-aes256gmac-modp4096,3des-aes256gmac,3des-aes256gmac-modp3072,3des-aes256gmac,3des-aes256gmac-modp2048,3des-aes256gmac,3des-aes256gmac-modp1536,3des-aes256gmac,3des-aes256gmac-modp1024,3des-aes256gmac,3des-aes192gmac-modp8192,3des-aes192gmac,3des-aes192gmac-modp6144,3des-aes192gmac,3des-aes192gmac-modp4096,3des-aes192gmac,3des-aes192gmac-modp3072,3des-aes192gmac,3des-aes192gmac-modp2048,3des-aes192gmac,3des-aes
192gmac-modp1536,3des-aes192gmac,3des-aes192gmac-modp1024,3des-aes192gmac,3des-aes128gmac-modp8192,3des-aes128gmac,3des-aes128gmac-modp6144,3des-aes128gmac,3des-aes128gmac-modp4096,3des-aes128gmac,3des-aes128gmac-modp3072,3des-aes128gmac,3des-aes128gmac-modp2048,3des-aes128gmac,3des-aes128gmac-modp1536,3des-aes128gmac,3des-aes128gmac-modp1024,3des-aes128gmac,3des-aesxcbc-modp8192,3des-aesxcbc,3des-aesxcbc-modp6144,3des-aesxcbc,3des-aesxcbc-modp4096,3des-aesxcbc,3des-aesxcbc-modp3072,3des-aesxcbc,3des-aesxcbc-modp2048,3des-aesxcbc,3des-aesxcbc-modp1536,3des-aesxcbc,3des-aesxcbc-modp1024,3des-aesxcbc,3des-sha-modp8192,3des-sha,3des-sha-modp6144,3des-sha,3des-sha-modp4096,3des-sha,3des-sha-modp3072,3des-sha,3des-sha-modp2048,3des-sha,3des-sha-modp1536,3des-sha,3des-sha-modp1024,3des-sha,3des-sha1-modp8192,3des-sha1,3des-sha1-modp6144,3des-sha1,3des-sha1-modp4096,3des-sha1,3des-sha1-modp3072,3des-sha1,3des-sha1-modp2048,3des-sha1,3des-sha1-modp1536,3des-sha1,3des-sha1-modp1024,3des-sha1,3des-md5_128-modp8192,3des-md5_128,3des-md5_128-modp6144,3des-md5_128,3des-md5_128-modp4096,3des-md5_128,3des-md5_128-modp3072,3des-md5_128,3des-md5_128-modp2048,3des-md5_128,3des-md5_128-modp1536,3des-md5_128,3des-md5_128-modp1024,3des-md5_128,3des-md5-modp8192,3des-md5,3des-md5-modp6144,3des-md5,3des-md5-modp4096,3des-md5,3des-md5-modp3072,3des-md5,3des-md5-modp2048,3des-md5,3des-md5-modp1536,3des-md5,3des-md5-modp1024,3des-md5,null-sha512-modp8192,null-sha512,null-sha512-modp6144,null-sha512,null-sha512-modp4096,null-sha512,null-sha512-modp3072,null-sha512,null-sha512-modp2048,null-sha512,null-sha512-modp1536,null-sha512,null-sha512-modp1024,null-sha512,null-sha384-modp8192,null-sha384,null-sha384-modp6144,null-sha384,null-sha384-modp4096,null-sha384,null-sha384-modp3072,null-sha384,null-sha384-modp2048,null-sha384,null-sha384-modp1536,null-sha384,null-sha384-modp1024,null-sha384,null-sha256-modp8192,null-sha256,null-sha256-modp6144,null-sha256,null-sha256-modp4096,null-sha256,null-sh
a256-modp3072,null-sha256,null-sha256-modp2048,null-sha256,null-sha256-modp1536,null-sha256,null-sha256-modp1024,null-sha256,null-aes256gmac-modp8192,null-aes256gmac,null-aes256gmac-modp6144,null-aes256gmac,null-aes256gmac-modp4096,null-aes256gmac,null-aes256gmac-modp3072,null-aes256gmac,null-aes256gmac-modp2048,null-aes256gmac,null-aes256gmac-modp1536,null-aes256gmac,null-aes256gmac-modp1024,null-aes256gmac,null-aes192gmac-modp8192,null-aes192gmac,null-aes192gmac-modp6144,null-aes192gmac,null-aes192gmac-modp4096,null-aes192gmac,null-aes192gmac-modp3072,null-aes192gmac,null-aes192gmac-modp2048,null-aes192gmac,null-aes192gmac-modp1536,null-aes192gmac,null-aes192gmac-modp1024,null-aes192gmac,null-aes128gmac-modp8192,null-aes128gmac,null-aes128gmac-modp6144,null-aes128gmac,null-aes128gmac-modp4096,null-aes128gmac,null-aes128gmac-modp3072,null-aes128gmac,null-aes128gmac-modp2048,null-aes128gmac,null-aes128gmac-modp1536,null-aes128gmac,null-aes128gmac-modp1024,null-aes128gmac,null-aesxcbc-modp8192,null-aesxcbc,null-aesxcbc-modp6144,null-aesxcbc,null-aesxcbc-modp4096,null-aesxcbc,null-aesxcbc-modp3072,null-aesxcbc,null-aesxcbc-modp2048,null-aesxcbc,null-aesxcbc-modp1536,null-aesxcbc,null-aesxcbc-modp1024,null-aesxcbc,null-sha-modp8192,null-sha,null-sha-modp6144,null-sha,null-sha-modp4096,null-sha,null-sha-modp3072,null-sha,null-sha-modp2048,null-sha,null-sha-modp1536,null-sha,null-sha-modp1024,null-sha,null-sha1-modp8192,null-sha1,null-sha1-modp6144,null-sha1,null-sha1-modp4096,null-sha1,null-sha1-modp3072,null-sha1,null-sha1-modp2048,null-sha1,null-sha1-modp1536,null-sha1,null-sha1-modp1024,null-sha1,null-md5_128-modp8192,null-md5_128,null-md5_128-modp6144,null-md5_128,null-md5_128-modp4096,null-md5_128,null-md5_128-modp3072,null-md5_128,null-md5_128-modp2048,null-md5_128,null-md5_128-modp1536,null-md5_128,null-md5_128-modp1024,null-md5_128,null-md5-modp8192,null-md5,null-md5-modp6144,null-md5,null-md5-modp4096,null-md5,null-md5-modp3072,null-md5,null-md5-modp2048,null-m
d5,null-md5-modp1536,null-md5,null-md5-modp1024,null-md5!
    ikelifetime=86400s
    lifetime=28800s
    left=x.x.x.x
    right=y.y.y.y
    leftsubnet=a.b.c.0/24
    rightsubnet=d.e.f.0/24
    rightid=%any
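
The 8-bit numbering behaviour discussed in this thread, as an added example (not part of the original message and not strongSwan's own code): it numbers proposals with an unchecked 8-bit truncation, runs the consecutive-numbering check a responder would apply, and shows a config-time guard that counts the comma-separated entries of an ike=/esp= value. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NUMBERED 255 /* largest value an 8-bit proposal/transform field holds */

/* Unchecked numbering as described in the thread: the running counter
 * (starting at 1) is truncated to 8 bits when stored in the field. */
static uint8_t wire_number_unchecked(size_t index) /* index is 0-based */
{
    return (uint8_t)(index + 1);
}

/* The transform count is stored the same way, so 256 transforms become 0. */
static uint8_t wire_transform_count_unchecked(size_t transforms)
{
    return (uint8_t)transforms;
}

/* Responder-side check described in the thread: proposals must be numbered
 * consecutively starting at 1. Returns 0 if the numbering is valid, otherwise
 * the 1-based position of the first proposal carrying a wrong number. */
static size_t verify_consecutive(const uint8_t *numbers, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (numbers[i] != i + 1)
            return i + 1;
    }
    return 0;
}

/* Number `count` proposals the unchecked way, then run the responder check. */
static size_t first_bad_proposal(size_t count)
{
    static uint8_t numbers[1024];

    if (count > sizeof(numbers))
        return (size_t)-1; /* outside the range this demo models */
    for (size_t i = 0; i < count; i++)
        numbers[i] = wire_number_unchecked(i);
    return verify_consecutive(numbers, count);
}

/* Config-time guard: count the comma-separated entries of an ike=/esp= value
 * (each entry is one proposal; a trailing '!' is the strict flag). */
static size_t count_proposals(const char *value)
{
    size_t n = 0;
    int in_token = 0;

    for (; *value; value++) {
        if (*value == ',') {
            in_token = 0;
        } else if (*value != ' ' && *value != '!' && !in_token) {
            in_token = 1;
            n++;
        }
    }
    return n;
}

/* A proposal list can be numbered without wrap-around only for 1..255 entries. */
static int fits_8bit(size_t count)
{
    return count >= 1 && count <= MAX_NUMBERED;
}

int main(void)
{
    /* Constructed sample value, much shorter than the attached ikev2.conf. */
    const char *ike = "aes256-sha512-modp8192,aes256-sha512,null-md5!";

    printf("255 proposals: first bad = %zu\n", first_bad_proposal(255));
    printf("256 proposals: first bad = %zu\n", first_bad_proposal(256));
    printf("256 transforms stored as %u\n", wire_transform_count_unchecked(256));
    printf("sample ike= has %zu proposals, fits: %d\n",
           count_proposals(ike), fits_8bit(count_proposals(ike)));
    return 0;
}
```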

