User Tools

Site Tools


doc:uci:ipsec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:uci:ipsec [2013/05/05 11:32]
birnenschnitzel
doc:uci:ipsec [2015/02/19 12:04] (current)
birnenschnitzel [Strongswan IPsec Configuration]
Line 1: Line 1:
 ====== Strongswan IPsec Configuration ====== ====== Strongswan IPsec Configuration ======
  
-Linux Charon IPsec daemon can be configured through /​etc/​config/​ipsec. ​This document is in an early alpha state.  +Linux Charon IPsec daemon can be configured through /​etc/​config/​ipsec.
 ===== Sections ===== ===== Sections =====
  
Line 10: Line 9:
 |zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:​howto:​vpn.ipsec.firewall#​zones|firewall zone]]| |zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:​howto:​vpn.ipsec.firewall#​zones|firewall zone]]|
 |listen|list|yes|''​|Interface that accept VPN traffic (empty for all interfaces, multiple lines for several interfaces)| |listen|list|yes|''​|Interface that accept VPN traffic (empty for all interfaces, multiple lines for several interfaces)|
 +|debug|string|no|0|Trace level. Logs are written to /​var/​log/​charon.log|
 ==== remote ==== ==== remote ====
  
Line 28: Line 27:
 ==== p1_proposal ==== ==== p1_proposal ====
  
-Definition of phase 1 proposals+Definition of phase 1 proposals. Derived from [[https://​wiki.strongswan.org/​projects/​strongswan/​wiki/​IKEv1CipherSuites|stronSwan cipher suites]]
  
 ^Name^Type^Required^Default^Description^ ^Name^Type^Required^Default^Description^
 |encryption_algorithm|string|yes|(none)|Phase 1 encryption method (aes128, aes192, aes256, 3des)| |encryption_algorithm|string|yes|(none)|Phase 1 encryption method (aes128, aes192, aes256, 3des)|
 |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) | |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) |
-|dh_group|string|yes|(none)|Diffie-Hellman exponentiation (modp768, ​modep1024, ...|+|dh_group|string|yes|(none)|Diffie-Hellman exponentiation (modp768, ​modp1024, ...|
  
 ==== tunnel ==== ==== tunnel ====
Line 47: Line 46:
 ==== p2_proposal ==== ==== p2_proposal ====
  
-Definition of phase 2 proposal+Definition of phase 2 proposal. Derived from [[https://​wiki.strongswan.org/​projects/​strongswan/​wiki/​IKEv1CipherSuites|stronSwan cipher suites]]
  
 ^Name^Type^Required^Default^Description^ ^Name^Type^Required^Default^Description^
doc/uci/ipsec.1367746321.txt.bz2 · Last modified: 2013/05/05 11:32 by birnenschnitzel