From: Tobias Brunner Date: Wed, 31 Aug 2016 09:44:11 +0000 (+0200) Subject: swanctl: Document how DH groups in CHILD_SA proposals are applied X-Git-Tag: 5.5.1dr3~17 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=f883cd6df6d3d1471ea1249fb3189b6e8c5c29d0;p=thirdparty%2Fstrongswan.git swanctl: Document how DH groups in CHILD_SA proposals are applied References #1039. --- diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index fe5b293fb2..15cbc6cfca 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -472,7 +472,7 @@ connections..children..ah_proposals = For AH, this includes an integrity algorithm and an optional Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified - group. + group (refer to _esp_proposals_ for details). In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per @@ -495,11 +495,18 @@ connections..children..esp_proposals = default mode algorithm is used instead of the separate encryption/integrity algorithms. - If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non - IKE_AUTH piggybacked) negotiation uses a separate Diffie-Hellman exchange - using the specified group. Extended Sequence Number support may be indicated - with the _esn_ and _noesn_ values, both may be included to indicate support - for both modes. If omitted, _noesn_ is assumed. + If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial + negotiation use a separate Diffie-Hellman exchange using the specified + group. However, for IKEv2, the keys of the CHILD_SA created implicitly with + the IKE_SA will always be derived from the IKE_SA's key material. So any DH + group specified here will only apply when the CHILD_SA is later rekeyed or + is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch + might, therefore, not immediately be noticed when the SA is established, but + may later cause rekeying to fail. + + Extended Sequence Number support may be indicated with the _esn_ and _noesn_ + values, both may be included to indicate support for both modes. If omitted, + _noesn_ is assumed. In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per