[strongSwan] IKE Phase 1 and Phase 2 parameters

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Sep 7 13:59:53 CEST 2020


For completeness, if you were to configure an AH CHILD_SA, you'd use the "ah=" parameter instead of the "esp=" parameter.

Kind regards

Noel

Am 06.09.20 um 00:16 schrieb Leroy Tennison:
> Thank you, I appreciate the reply.
> 
> Harriscomputer
> 
> *Leroy Tennison
> *Network Information/Cyber Security Specialist
> E: leroy at datavoiceint.com
> P:
> 
> 	
> 
> 
> 	
> 
> 2220 Bush Dr
> McKinney, Texas
> 75070
> www.datavoiceint.com <http://www..com> 
> This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc.
> 
> If you prefer not to be contacted by Harris Operating Group please notify us <http://subscribe.harriscomputer.com/>.
> 
>  
> 
> This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
> 
>  
> 
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *From:* Andreas Steffen <andreas.steffen at strongswan.org>
> *Sent:* Saturday, September 5, 2020 12:30 AM
> *To:* Leroy Tennison <leroy at datavoiceint.com>; users at lists.strongswan.org <users at lists.strongswan.org>
> *Subject:* [EXTERNAL] Re: [strongSwan] IKE Phase 1 and Phase 2 parameters
>  
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> 
> 
> Hi Leroy,
> 
> the Phase 2 crypto proposals can be set with the "esp=" parameter in
> ipsec.conf.
> 
> Best regards
> 
> Andreas
> 
> On 05.09.20 00:31, Leroy Tennison wrote:
>> I either don't know what to look for on the web or am having trouble
>> finding settings for IKE phase 1 and phase 2 negotiation.  It seems that
>> the '"ike=" ipsec.conf parameter specifies settings for Phase 1 but I'm
>> not finding anything for Phase 2 for Strongswan.  Other IPSec
>> implementations seem to use phase2alg for this but Strongswan either
>> doesn't have this setting or it has another name for it.
>>
>> Can someone explain (or send me a link to an explanation) of how these
>> are decided in Strongswan?  Thanks for your help.
>>
>> Harriscomputer
>>
>> *Leroy Tennison
>> *Network Information/Cyber Security Specialist
>> E: leroy at datavoiceint.com
>> P:
>>
>> 2220 Bush Dr
>> McKinney, Texas
>> 75070
>> https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com&c=E,1,4UegVHmZyooZscjXFpQOeRrNuVWVHl9MV7N5mK2EefQfyvSV6JrqnT_DqdvqHsq2iqVi4U1AB4Yc-bMVDKQCrmpLzAXFqpP43vPM4-vzJA,,&typo=1 <http://www..com>>
>> This message has been sent on behalf of a company that is part of the
>> Harris Operating Group of Constellation Software Inc.
>>
>> If you prefer not to be contacted by Harris Operating Group please
>> notify us <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f&c=E,1,qQQq1YvV4u_ZShDLCqe6ghiUzIohwfNuR6V-6AqzFgftMlh-5Nbobp-EOORoIzWq2adFz9aG3LZpUdNYj4upJBJMz07w7sCeQW7TLLFOXsAzMA,,&typo=1>.
>>
>>
>>
>> This message is intended exclusively for the individual or entity to
>> which it is addressed. This communication may contain information that
>> is proprietary, privileged or confidential or otherwise legally exempt
>> from disclosure. If you are not the named addressee, you are not
>> authorized to read, print, retain, copy or disseminate this message or
>> any part of it. If you have received this message in error, please
>> notify the sender immediately by e-mail and delete all copies of the
>> message.
>>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.strongswan.org&c=E,1,TnfXdKEVY4hBsT5BRDWhOhJbEInvn6v4kQOOwPnwCq1oryz4vIZKgVEWr8GMUM_vRSSfXWdMwYIw3X2HHrBarRLeg6E0nrf1gyjJ5CMFc_Nfyn3Iznk,&typo=1
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[INS-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200907/30b59bc9/attachment.sig>


More information about the Users mailing list