strongSwan

h1. IKEv2 Legacy Configuration Examples

These example scenarios use the deprecated stroke management interface.

h2. Remote Access

|RSA authentication with X.509 certificates      |{{tc(ikev2-stroke/rw-cert,IPv4)}}               |{{tc(ipv6-stroke/rw-ikev2,IPv6)}}    |{{tc(ikev2/nat-rw,NAT)}} |

|PSK authentication with pre-shared keys (IP)    |{{tc(ikev2-stroke/rw-psk-ipv4,IPv4)}}           |{{tc(ipv6-stroke/rw-psk-ikev2,IPv6)}}|{{tc(ikev2/nat-rw-psk,NAT)}}|

|PSK authentication with pre-shared keys (FQDN)  |{{tc(ikev2-stroke/rw-psk-fqdn,IPv4)}}           | | |

|EAP_AKA authentication                          |{{tc(ikev2-stroke/rw-eap-aka-rsa,IPv4)}}        | | |

|EAP_AKA authentication with EAP identity        |{{tc(ikev2-stroke/rw-eap-aka-id-rsa,IPv4)}}     | | |

|EAP_SIM authentication                          |{{tc(ikev2-stroke/rw-eap-sim-rsa,IPv4)}}        | |{{tc(ikev2-stroke/rw-eap-sim-radius,RADIUS)}} |

|EAP_SIM authentication with EAP identity        |                                                | |{{tc(ikev2-stroke/rw-eap-sim-id-radius,RADIUS)}} |

|EAP_SIM only authentication                     |                                                | |{{tc(ikev2-stroke/rw-eap-sim-only-radius,RADIUS)}} |

|EAP_MSCHAPv2 authentication with EAP identity   |{{tc(ikev2-stroke/rw-eap-mschapv2-id-rsa,IPv4)}}| | |

|EAP_MD5 authentication                          |{{tc(ikev2-stroke/rw-eap-md5-rsa,IPv4)}}        | |{{tc(ikev2-stroke/rw-eap-md5-radius,RADIUS)}} |

|EAP_MD5 authentication with EAP identity        |                                                | |{{tc(ikev2-stroke/rw-eap-md5-id-radius,RADIUS)}} |

|EAP_TLS authentication                          |{{tc(ikev2-stroke/rw-eap-tls-only,IPv4)}}       | |{{tc(ikev2-stroke/rw-eap-tls-radius,RADIUS)}} |

|EAP_TTLS with EAP_MD5 client authentication     |{{tc(ikev2-stroke/rw-eap-ttls-only,IPv4)}}      | |{{tc(ikev2-stroke/rw-eap-ttls-radius,RADIUS)}} |

|EAP_PEAP with EAP_MD5 client authentication     |{{tc(ikev2-stroke/rw-eap-peap-md5,IPv4)}}       | |{{tc(ikev2-stroke/rw-eap-peap-radius,RADIUS)}} |

|EAP_PEAP with EAP_MSCHAPv2 client authentication|{{tc(ikev2-stroke/rw-eap-peap-mschapv2,IPv4)}}  | ||

h2. Remote Access with Virtual IP Adresses

| RAM-based server-side virtual IP pool      |{{tc(ikev2-stroke/ip-pool,IPv4)}}         |

| DB-based server-side virtual IP pool       |{{tc(ikev2-stroke/ip-pool-db,IPv4)}}      |

| Static server-side virtual IP addresses    |{{tc(ikev2-stroke/config-payload,IPv4)}}  |

| Static client-side virtual IP addresses    |{{tc(ikev2-stroke/virtual-ip,IPv4)}}      |

| Two RAM-based server-side virtual IP pools |{{tc(ikev2-stroke/ip-two-pools,IPv4)}}    |

| Two DB-based server-side virtual IP pools  |{{tc(ikev2-stroke/ip-two-pools-db,IPv4)}} |

h2. Site-to-Site

|RSA authentication with X.509 certificates       |{{tc(ikev2-stroke/net2net-cert,IPv4)}}  |{{tc(ipv6-stroke/net2net-ikev2,IPv6)}} |

|PSK authentication with pre-shared keys          |{{tc(ikev2-stroke/net2net-psk,IPv4)}}   | |

|Connection setup automatically started by daemon |{{tc(ikev2-stroke/net2net-start,IPv4)}} | |

|Connection setup triggered by data to be tunneled|{{tc(ikev2-stroke/net2net-route,IPv4)}} | |

h2. Host-to-Host

|IPsec tunnel mode with X.509 certificates    |{{tc(ikev2-stroke/host2host-cert,IPv4)}}      |{{tc(ipv6-stroke/host2host-ikev2,IPv6)}} |

|IPsec transport mode with X.509 certificates |{{tc(ikev2-stroke/host2host-transport,IPv4)}} |{{tc(ipv6-stroke/transport-ikev2,IPv6)}} |

h2. IP Protocol and Port Policies

|IPsec tunnel restricted to ICMP and ssh protocols |{{tc(ikev2-stroke/protoport-dual,IPv4)}} |

h2. Complete List

{{tc(ikev2-stroke,All IKEv2 legacy test scenarios)}}