[strongSwan] Question on IKEv2
Andreas Steffen
andreas.steffen at strongswan.org
Mon Apr 2 23:47:10 CEST 2012
Hi Chris,
why do you go six years back in time?
strongSwan is currently one of the most complete IKEv2 implementations
that exist and already 4.4 supports all major authentication methods
including PSKs, X.509 certificates and EAP. Just have a look at our
configuration examples:
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples
Regards
Andreas
On 04/02/2012 10:34 PM, Chris Arnold wrote:
> I have been trying to get a tunnel between strongSwan 4.4.x and a
> sonicwall TZ180W to no avail. I have tried every combination known on
> the sonicwall and every combination i know on the strongSwan side. My
> last try was ikev2 and i think this might be the problem. This was
> found this on a StrongSong thread found
> http://download.strongswan.org/CHANGES42.txt
>
> strongswan-4.0.0 ----------------
>
> - initial support of the IKEv2 protocol. Connections in ipsec.conf
> designated by keyexchange=ikev2 are negotiated by the new IKEv2
> charon keying daemon whereas those marked by keyexchange=ikev1 or the
> default keyexchange=ike are handled thy the IKEv1 pluto keying
> daemon. Currently only a limited subset of functions are available
> with IKEv2 (Default AES encryption, authentication based on locally
> imported X.509 certificates, unencrypted private RSA keys in PKCS#1
> file format, limited functionality of the ipsec status command).
>
> AES encryption, authentication based on locally imported X.509
> certificates, unencrypted private RSA keys in PKCS#1 file format,
> limited functionality of the ipsec status command, is this a AND/OR
> list? Do you have to have certs to use ikev2 or can you do 1 of the
> other auth in the list?
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list