[strongSwan] Question on IKEv2

Chris Arnold carnold at electrichendrix.com
Tue Apr 3 00:24:41 CEST 2012


On Apr 2, 2012, at 5:47 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:

> Hi Chris,
> 
> why do you go six years back in time?
> 
Are you saying strongSwan 4.0 (the link I posted us 6 yrs old?

 Just have a look at our
> 
> configuration examples:
> 
> 
> 
> On 04/02/2012 10:34 PM, Chris Arnold wrote:
>> I have been trying to get a tunnel between strongSwan 4.4.x and a
>> sonicwall TZ180W to no avail. I have tried every combination known on
>> the sonicwall and every combination i know on the strongSwan side. My
>> last try was ikev2 and i think this might be the problem. This was
>> found this on a StrongSong thread found
>> http://download.strongswan.org/CHANGES42.txt
>> 
>> strongswan-4.0.0 ----------------
>> 
>> - initial support of the IKEv2 protocol. Connections in ipsec.conf
>> designated by keyexchange=ikev2 are negotiated by the new IKEv2
>> charon keying daemon whereas those marked by keyexchange=ikev1 or the
>> default keyexchange=ike are handled thy the IKEv1 pluto keying
>> daemon. Currently only a limited subset of functions are available
>> with IKEv2 (Default AES encryption, authentication based on locally 
>> imported X.509 certificates, unencrypted private RSA keys in PKCS#1
>> file format, limited functionality of the ipsec status command).
>> 
>> AES encryption, authentication based on locally imported X.509
>> certificates, unencrypted private RSA keys in PKCS#1 file format,
>> limited functionality of the ipsec status command, is this a AND/OR
>> list? Do you have to have certs to use ikev2 or can you do 1 of the
>> other auth in the list?
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==




More information about the Users mailing list