Hello,
We are engineers of the Orange Labs, and now we are doing some test for
the ikev2 in the Strongswan environment, we aim to configure the ipsec
like:
DH = 1536-bit MODP Group
PRF = PRF_HMAC_SHA1
ID = ID_KEY_ID
AUTH = RSA Digital Signature
ESP_ENCR = ENCR_AES_CBC or NULL
ESP_AUTH = AUTH_HMAC_SHA1_96 or NULL
We now arrived to configure the ipsec.conf with these parameters like:
-- conn <>
auth = esp
authby = rsasig
ike = modp1536
keyexchange = ikev2
esp = aes128|aes192|aes256|null (for encryption)
esp = sha1|sha (for authentication )
But we still have some problem following:
1, for the ESP_ENCRE and the ESP_AUTH, how can we put the both values
"aes128"(for ESP_ENCRE) and the "sha1"(for ESP_AUTH) to the single "esp"
parameter in the ipsec.conf?
2, we didn't find the right parameters for the "PRF" and the "ID", so do
you have any idea that how we can configure these parameters? Or is
there any document where we can find out some complete description of
the configuration?
Thank you
Orange Labs
Equip MAPS/STT
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
