A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys.
<b>moon</b> uses the wolfssl plugin based on the wolfCrypt library for all
-cryptographical functions whereas <b>sun</b> uses the default strongSwan
-cryptographical plugins.
+cryptographical functions whereas <b>sun</b> uses t<b>openssl</b> as the default
+<b>strongSwan</b> cryptographical plugin.
<p/>
Upon the successful establishment of the IPsec tunnel, the updown script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = random pem sha1 pkcs1 pkcs8 curve25519 x509 revocation constraints
+ load = random pem pkcs1 openssl revocation constraints
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
}
The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>wolfssl</b>
plugin based on the <b>wolfSSL</b> library for all cryptographical functions whereas
-roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange
-on <b>x25519</b>.
+roadwarrior <b>dave</b> uses <b>openssl</b> as the default <b>strongSwan</b>
+cryptographical plugin. The authentication is based on <b>X.509 certificates</b>
+and the key exchange on <b>x25519</b>.
<p/>
Upon the successful establishment of the IPsec tunnels, the updown script
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pkcs1 pem openssl x509 revocation constraints
+ load = pkcs1 pem openssl revocation constraints
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
rsa_pss = yes
}
The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>wolfssl</b>
plugin based on the <b>wolfCrypt</b> library for all cryptographical functions whereas
-roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange
-on <b>modp3072</b>.
+roadwarrior <b>dave</b> uses <b>openssl</b> as the default <b>strongSwan</b>
+cryptographical plugin. The authentication is based on <b>X.509 certificates</b>
+and the key exchange on <b>modp3072</b>.
<p/>
Upon the successful establishment of the IPsec tunnels, the updown script
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 revocation constraints pubkey openssl random
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints pubkey curl kernel-netlink socket-default updown vici
rsa_pss = yes
}
projects / thirdparty / strongswan.git / commitdiff
