[strongSwan] Question on IKEv2

Chris Arnold carnold at electrichendrix.com
Tue Apr 3 00:32:29 CEST 2012 

Sorry I accidentally hit send... Cont'd below.

On Apr 2, 2012, at 6:24 PM, Chris Arnold <carnold at electrichendrix.com> wrote:

> 
> On Apr 2, 2012, at 5:47 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:
> 
>> Hi Chris,
>> 
>> why do you go six years back in time?
>> --Are you saying strongSwan 4.0 (the link I posted is 6 yrs old?
> 
> Just have a look at our
>> 
>> configuration examples:
I have looked at those and adapted the site to site with PSK for our needs. The problem is, some of those examples show the wrong stuff. For example, on the IPSec.conf link on the examples shows the load line uncommented. That did not work and I commented that load back. So, are you saying that the ikev2 config I have should work (no certs)?
>> 
>> 
>> 
>> On 04/02/2012 10:34 PM, Chris Arnold wrote:
>>> I have been trying to get a tunnel between strongSwan 4.4.x and a
>>> sonicwall TZ180W to no avail. I have tried every combination known on
>>> the sonicwall and every combination i know on the strongSwan side. My
>>> last try was ikev2 and i think this might be the problem. This was
>>> found this on a StrongSong thread found
>>> http://download.strongswan.org/CHANGES42.txt
>>> 
>>> strongswan-4.0.0 ----------------
>>> 
>>> - initial support of the IKEv2 protocol. Connections in ipsec.conf
>>> designated by keyexchange=ikev2 are negotiated by the new IKEv2
>>> charon keying daemon whereas those marked by keyexchange=ikev1 or the
>>> default keyexchange=ike are handled thy the IKEv1 pluto keying
>>> daemon. Currently only a limited subset of functions are available
>>> with IKEv2 (Default AES encryption, authentication based on locally 
>>> imported X.509 certificates, unencrypted private RSA keys in PKCS#1
>>> file format, limited functionality of the ipsec status command).
>>> 
>>> AES encryption, authentication based on locally imported X.509
>>> certificates, unencrypted private RSA keys in PKCS#1 file format,
>>> limited functionality of the ipsec status command, is this a AND/OR
>>> list? Do you have to have certs to use ikev2 or can you do 1 of the
>>> other auth in the list?
>> 
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list