[strongSwan] IKEv1 - Authentication Methods - RFC 2409 Public Key Encryption support in Strongswan
Salib, Emil Habib - salibeh
salibeh at jmu.edu
Wed Jun 29 02:55:35 CEST 2011
Hello Andreas,
Thanks for your quick response.
Another question: Do you know if StrongSwan inter-operates with Cisco routers (e.g. 3640 ) set up with a crypto isakmp policy of authentication : rsa_enc?
Best regards
Emil
________________________________________
From: Andreas Steffen [andreas.steffen at strongswan.org]
Sent: Tuesday, June 28, 2011 5:20 AM
To: Salib, Emil Habib - salibeh
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] IKEv1 - Authentication Methods - RFC 2409 Public Key Encryption support in Strongswan
Hello Emil,
to my best knowledge nobody implemented IKEv1 public key encryption
and therefore strongSwan didn't either. Everyone is using digital
signatures.
Best regards
Andreas
On 06/28/2011 02:38 AM, Emil Salib wrote:
> Hello,
> My question is to do with IKEv1 Phase 1 Authentication. RFC 2409 specifies 4
> different Authentications: A shared secret, A digital signature, Public key
> encryption and Revised public key encryption. Using StrongSwan 4.4.0, I was able
> to set up net2net PSK , net2net digital signature using both RAW RSA and X.509
> certificates. Is there a way to set up a net2net with the 2409 public key
> encryption authentication method (where the ID and Nonce in the second and third
> ISKAMP (main mode) messages are encrypted) using StrongSwan?
> Thanks
> Emil
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list