[strongSwan] Question on IKEv2
Chris Arnold
carnold at electrichendrix.com
Mon Apr 2 22:34:33 CEST 2012
I have been trying to get a tunnel between strongSwan 4.4.x and a sonicwall TZ180W to no avail. I have tried every combination known on the sonicwall and every combination i know on the strongSwan side. My last try was ikev2 and i think this might be the problem. This was found this on a StrongSong thread found http://download.strongswan.org/CHANGES42.txt
strongswan-4.0.0
----------------
- initial support of the IKEv2 protocol. Connections in
ipsec.conf designated by keyexchange=ikev2 are negotiated
by the new IKEv2 charon keying daemon whereas those marked
by keyexchange=ikev1 or the default keyexchange=ike are
handled thy the IKEv1 pluto keying daemon. Currently only
a limited subset of functions are available with IKEv2
(Default AES encryption, authentication based on locally
imported X.509 certificates, unencrypted private RSA keys
in PKCS#1 file format, limited functionality of the ipsec
status command).
AES encryption, authentication based on locally imported X.509 certificates, unencrypted private RSA keys in PKCS#1 file format, limited functionality of the ipsec status command, is this a AND/OR list? Do you have to have certs to use ikev2 or can you do 1 of the other auth in the list?
More information about the Users
mailing list