strongSwan User Documentation » History » Version 22
Martin Willi, 29.09.2007 09:34
added IpsecCommand
| 1 | 5 | Martin Willi | = strongSwan User Documentation = |
|---|---|---|---|
| 2 | 2 | Martin Willi | |
| 3 | 2 | Martin Willi | == Features == |
| 4 | 17 | Martin Willi | * [wiki:VirtualIp Virtual IP] via mode-config (IKEv1) or configuration payload (IKEv2) |
| 5 | 17 | Martin Willi | * [wiki:NatTraversal NAT Traversal] |
| 6 | 17 | Martin Willi | * [wiki:MobIke MOBIKE] |
| 7 | 1 | Martin Willi | |
| 8 | 1 | Martin Willi | == Configuration == |
| 9 | 18 | Martin Willi | * [wiki:IpsecConf ipsec.conf] file |
| 10 | 18 | Martin Willi | * [wiki:IpsecSecrets ipsec.secrets] file |
| 11 | 18 | Martin Willi | * [wiki:IpsecDirectory ipsec.d] directory |
| 12 | 18 | Martin Willi | * [http://www.strongswan.org/docs/readme.htm Configuration HOWTO] |
| 13 | 1 | Martin Willi | |
| 14 | 17 | Martin Willi | == Configuration Examples == |
| 15 | 17 | Martin Willi | Dozens of both simple and advanced VPN scenarios: |
| 16 | 17 | Martin Willi | * [http://www.strongswan.org/uml/testresults4/ikev1 IKEv1] examples |
| 17 | 17 | Martin Willi | * [http://www.strongswan.org/uml/testresults4/ikev2 IKEv2] examples |
| 18 | 17 | Martin Willi | * [http://www.strongswan.org/uml/testresults4/ipv6 IPv6] examples |
| 19 | 17 | Martin Willi | |
| 20 | 22 | Martin Willi | == Management Commands == |
| 21 | 22 | Martin Willi | * The powerful [wiki:IpsecCommand ipsec] command starts, stops and monitors IPsec connections. |
| 22 | 15 | Martin Willi | |
| 23 | 22 | Martin Willi | == Auxiliary Tools == |
| 24 | 1 | Martin Willi | |
| 25 | 1 | Martin Willi | * ipsec [wiki:OpenAc openac] generates ''X.509 attribute certificates'' |
| 26 | 1 | Martin Willi | * ipsec [wiki:ScepClient scepclient] implements the ''Simple Certificate Enrollment Protocol (SCEP)'' |
| 27 | 1 | Martin Willi | * ipsec [wiki:IpsecStarter starter] starts, stops, and configures the IKE daemons |
| 28 | 22 | Martin Willi | * ipsec [wiki:IpsecStroke] controls the IKEv2 charon daemon |
| 29 | 22 | Martin Willi | * ipsec [wiki:IpsecWhack] controls the IKEv1 pluto daemon |
| 30 | 1 | Martin Willi | |
| 31 | 22 | Martin Willi | == Interoperability == |
| 32 | 22 | Martin Willi | |
| 33 | 22 | Martin Willi | * [wiki:WindowsVista Windows Vista] |
| 34 | 22 | Martin Willi | |
| 35 | 22 | Martin Willi | == Frequently Asked Questions == |
| 36 | 22 | Martin Willi | |
| 37 | 22 | Martin Willi | * A [wiki:FAQ] is maintained [wiki:FAQ here]. |
| 38 | 15 | Martin Willi | |
| 39 | 6 | Martin Willi | '''Q:''' ''I'm trying to set up a VPN tunnel with a ZyXELL/Linksys/X router but the other side keeps on telling me "no proposal chosen" when strongSwan initiates the connection.'' |
| 40 | 9 | Martin Willi | |
| 41 | 6 | Martin Willi | '''A:''' Make sure that the peer supports all the algorithms (including the key lengths) which strongSwan proposes for IKE and ESP. In terms of IKE, the proposal consists of the following parts: Encryption algorithm, hash algorithm (PRF) and DH group. In terms of ESP the proposal includes the following: Encryption algorithm, hash algorithm, pfs group (DH group) and '''compression algorithm'''. There are lots of IPSec implementations out there that do '''not''' support compression or have implemented it erronously. So the first thing to try in this situation is to switch compression off on the peer. strongSwan's default setting is |
| 42 | 6 | Martin Willi | {{{ |
| 43 | 1 | Martin Willi | compress=no |
| 44 | 7 | Tobias Brunner | }}} |
| 45 | 7 | Tobias Brunner | See also Chapter [http://www.strongswan.org/docs/readme4.htm#section_14.1 14.1 Authentication and encryption algorithms] of the strongSwan documentation. It has good information about the relevant parameters. |