[strongSwan] IPSec Configuration - IKEv1 with PFS
Newton, Benjamin David
bdnewto at sandia.gov
Thu Jan 25 01:26:09 CET 2018
I am trying to set up a site-to-site VPN using StrongSwan. The requirements for the VPN are:
- Encapsulation Security Payload (ESP)
- Encryption: AES-256
- Authentication: SHA-1
- IPSec / IKE Authentication: Pre-shared secret and digital certificate
- IKE: Version 1
- IKE phase 1: Diffie-Hellman group 5
- Perfect Forward Secrecy (PFS): Diffie-Hellman group 1
- Pre-shared secret key
I have the following as a start in my ipsec.conf file
However, I don't know how to specify the Perfect Forward Secrecy (PFS) as DH group 1.
I'm also uncertain if the other entries are correct for the requirements above. (Do I need to specify the digital certificate?) (Do I need both an ike and esp line?)
Any suggestions or help would be greatly appreciated.