[strongSwan] IPSec Configuration - IKEv1 with PFS
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 26 01:58:38 CET 2018
conn %default is not a real conn. You need to define at least one. Just move all that stuff into some conn with an arbitrary name. E.g. "conn foo".
All other things: Check the UsableExamples article on the wiki.
On 25.01.2018 01:26, Newton, Benjamin David wrote:
> I am trying to set up a site-to-site VPN using StrongSwan. The requirements for the VPN are:
> − Encapsulation Security Payload (ESP)
> − Encryption: AES-256
> − Authentication: SHA-1
> − IPSec / IKE Authentication: Pre-shared secret and digital certificate
> − IKE: Version 1
> − IKE phase 1: Diffie-Hellman group 5
> − Perfect Forward Secrecy (PFS): Diffie-Hellman group 1
> − Pre-shared secret key
> I have the following as a start in my ipsec.conf file
> conn %default
> However, I don't know how to specify the Perfect Forward Secrecy (PFS) as DH group 1.
> I'm also uncertain if the other entries are correct for the requirements above. (Do I need to specify the digital certificate?) (Do I need both an ike and esp line?)
> Any suggestions, or help would be greatly appreciated.
> Ben Newton
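An added example, not part of the original messages or of the strongSwan project's own material: an `ipsec.conf` sketch for the requirements listed in the question, with the tunnel defined in a named conn as the reply suggests. The conn name, addresses, subnets and secret are placeholders, and PSK-only authentication is assumed. In strongSwan the PFS group is the DH group appended to the `esp` proposal (`modp768` is group 1, `modp1536` is group 5).

```conf
# /etc/ipsec.conf (constructed example; all addresses are documentation/private ranges)

conn %default
    # Defaults only: inherited by every named conn, never loaded as a tunnel itself.
    keyexchange=ikev1
    authby=secret                  # pre-shared key (assumption: no certificate auth)
    # Phase 1: AES-256, SHA-1, DH group 5. The trailing "!" makes the proposal strict.
    ike=aes256-sha1-modp1536!
    # Phase 2 (ESP): AES-256, SHA-1. The DH group listed here enables PFS;
    # modp768 is DH group 1, as the stated requirements ask.
    # Note: modp768 and SHA-1 are weak by current standards; use them only
    # when the peer's policy leaves no alternative.
    esp=aes256-sha1-modp768!

conn site-to-site                  # arbitrary name; at least one named conn is required
    left=192.0.2.1                 # local gateway (placeholder)
    leftsubnet=10.1.0.0/16         # local protected network (placeholder)
    right=198.51.100.1             # remote gateway (placeholder)
    rightsubnet=10.2.0.0/16        # remote protected network (placeholder)
    auto=start

# /etc/ipsec.secrets (constructed example)
# 192.0.2.1 198.51.100.1 : PSK "replace-with-a-long-random-secret"
```

After reloading, `ipsec statusall` shows the negotiated IKE and ESP proposals, which is the quickest check that the peer accepted the same DH groups.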