For AH, this includes an integrity algorithm and an optional Diffie-Hellman
group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
negotiation uses a separate Diffie-Hellman exchange using the specified
- group.
+ group (refer to _esp_proposals_ for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single
proposal, from which one gets selected. In IKEv1, only one algorithm per
mode algorithm is used instead of the separate encryption/integrity
algorithms.
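Review bot: the unchanged sentence above the `+` line ("CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified group") still states unconditionally that the initial negotiation performs its own DH exchange, which contradicts the _esp_proposals_ text this same patch adds (for IKEv2, the CHILD_SA created with the IKE_SA takes its keys from the IKE_SA's key material). Since the new cross-reference sends the reader to _esp_proposals_ for details, either reword this sentence to "may use a separate Diffie-Hellman exchange (refer to _esp_proposals_ for details)" or repeat the IKEv2 caveat here in one sentence, so the AH description does not contradict the paragraph it points to. Minor: "rekeying and initial negotiation uses" should read "use"; the ESP hunk below fixes the same verb.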
- If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non
- IKE_AUTH piggybacked) negotiation uses a separate Diffie-Hellman exchange
- using the specified group. Extended Sequence Number support may be indicated
- with the _esn_ and _noesn_ values, both may be included to indicate support
- for both modes. If omitted, _noesn_ is assumed.
+ If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
+ negotiation use a separate Diffie-Hellman exchange using the specified
+ group. However, for IKEv2, the keys of the CHILD_SA created implicitly with
+ the IKE_SA will always be derived from the IKE_SA's key material. So any DH
+ group specified here will only apply when the CHILD_SA is later rekeyed or
+ is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch
+ might, therefore, not immediately be noticed when the SA is established, but
+ may later cause rekeying to fail.
+
+ Extended Sequence Number support may be indicated with the _esn_ and _noesn_
+ values, both may be included to indicate support for both modes. If omitted,
+ _noesn_ is assumed.
In IKEv2, multiple algorithms of the same kind can be specified in a single
proposal, from which one gets selected. In IKEv1, only one algorithm per
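Review bot: the ESN sentence in the new paragraph ("...the _esn_ and _noesn_ values, both may be included to indicate support for both modes") carries over a comma splice from the removed lines; as the text is being rewritten anyway, make it "values; both may be included" or "values, and both may be included". The substantive addition is the right caveat to document: an operator whose CHILD_SA comes up cleanly can still see it drop at the first rekey when the DH group in the proposal does not match, and the new text says so explicitly. One small wording point: "will always be derived from the IKE_SA's key material" would be clearer as "will always be derived from the IKE_SA's key material without a separate Diffie-Hellman exchange", making the contrast with the preceding sentence explicit.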