[strongSwan] IKEv1 - Authentication Methods - RFC 2409 Public Key Encryption support in Strongswan

Andreas Steffen andreas.steffen at strongswan.org
Wed Jun 29 05:57:13 CEST 2011


Well, if rsa_enc stands for RSA encryption then strongSwan
does not support this mode (see explanation below).

Andreas

On 06/29/2011 02:55 AM, Salib, Emil Habib - salibeh wrote:
> Hello Andreas, Thanks for your quick response. Another question: Do
> you know if StrongSwan inter-operates with Cisco routers (e.g. 3640 )
> set up with a crypto isakmp policy of authentication : rsa_enc? Best
> regards Emil
> 
> ________________________________________ From: Andreas Steffen
> [andreas.steffen at strongswan.org] Sent: Tuesday, June 28, 2011 5:20
> AM To: Salib, Emil Habib - salibeh Cc: users at lists.strongswan.org 
> Subject: Re: [strongSwan] IKEv1 - Authentication Methods - RFC 2409
> Public Key  Encryption support in Strongswan
> 
> Hello Emil,
> 
> to my best knowledge nobody implemented IKEv1 public key encryption 
> and therefore strongSwan didn't either. Everyone is using digital 
> signatures.
> 
> Best regards
> 
> Andreas
> 
> On 06/28/2011 02:38 AM, Emil Salib wrote:
>> Hello, My question is to do with IKEv1 Phase 1 Authentication. RFC
>> 2409 specifies 4 different Authentications: A shared secret, A
>> digital signature, Public key encryption and Revised public key
>> encryption. Using StrongSwan 4.4.0, I was able to set up net2net
>> PSK , net2net digital signature using both RAW RSA and X.509 
>> certificates.  Is there a way to set up a net2net with the 2409
>> public key encryption authentication method (where the ID and Nonce
>> in the second and third ISAKMP (main mode) messages are encrypted)
>> using StrongSwan? Thanks Emil

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
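
Added example, not part of the original thread and not strongSwan code: a small parser for the SA attributes of an IKEv1 Phase 1 transform that reports which RFC 2409 authentication method a peer is offering and flags the two public key encryption modes discussed above. The attribute numbers are those of RFC 2409 Appendix A; the function names and the sample attribute bytes are constructed for illustration.

```python
import struct

# IKEv1 Phase 1 attribute type and Authentication Method values (RFC 2409, Appendix A).
ATTR_AUTH_METHOD = 3
AUTH_METHODS = {
    1: "pre-shared key",
    2: "DSS signatures",
    3: "RSA signatures",
    4: "encryption with RSA",
    5: "revised encryption with RSA",
}
# Per the thread above: the public key encryption modes are the ones not implemented.
PUBKEY_ENCRYPTION = {4, 5}


def parse_attributes(data: bytes):
    """Yield (type, value) for each ISAKMP data attribute (RFC 2408, section 3.3)."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        if raw_type & 0x8000:            # AF=1: TV form, the 2-byte field is the value
            yield raw_type & 0x7FFF, field
        else:                            # AF=0: TLV form, the field is the value length
            if len(data) - off < field:
                raise ValueError("attribute value runs past end of buffer")
            yield raw_type, int.from_bytes(data[off:off + field], "big")
            off += field


def auth_method(attrs: bytes):
    """Return (value, name, is_pubkey_encryption) for a transform's SA attributes."""
    for a_type, value in parse_attributes(attrs):
        if a_type == ATTR_AUTH_METHOD:
            return value, AUTH_METHODS.get(value, "unknown/private"), value in PUBKEY_ENCRYPTION
    raise ValueError("no Authentication Method attribute in transform")


# Constructed sample attribute blobs (not captured traffic): encryption=5, hash=2, group=2,
# then the authentication method; the second also carries a TLV-form life duration (86400 s).
OFFER_RSA_SIG = bytes.fromhex("80010005" "80020002" "80040002" "80030003")
OFFER_RSA_ENC = bytes.fromhex("80010005" "80020002" "80040002" "80030004" "800b0001" "000c0004" "00015180")
```

Running `auth_method()` over the attribute bytes of each transform in a peer's first main mode message shows up front whether it only proposes method 4 or 5, in which case negotiation with an implementation limited to pre-shared keys and signatures cannot succeed.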



