Overview

Control Plane Security - IKEv1 and IKEv2 implements the Internet Key Exchange protocol in the Linux control plane.

Control Plane Security - IKEv1 and IKEv2 is an IKE implementation based on the open source strongSwan distribution, version 5.9.2.

It implements protocols IKEv1 and IKEv2 through a daemon named charon. It allows to negotiate keying material (IPsec SAs) for the use of IPsec VPNs.

Features

Control Plane Security - IKEv1 and IKEv2 supports all strongSwan features.

Supported Algorithms

The supported encryption and authentication algorithms for IKE phase 2 are listed in the fast path IPsec module Supported Algorithms section.

The supported Diffie-Hellman groups and Pseudo-random Functions for IKE phase 1 and 2 and the supported encryption and authentication algorithms for IKE phase 1 are listed below:

• for IKEv1

• for IKEv2

Note

As stated in the Overview section, our Control Plane Security - IKEv1 and IKEv2 is based on the open source strongSwan distribution, version 5.9.2.

Dependencies

6WINDGate modules

• Fast Path IPsec IPv4

• Fast Path IPsec IPv6

Linux

• Control Plane Security - IKEv1 and IKEv2 relies on your Linux distribution’s support of IPsec and cryptographic algorithms.

  Check that the following variables are set to yes (y) in the kernel configuration:

  • CONFIG_XFRM

  • CONFIG_XFRM_ALGO

  • CONFIG_XFRM_USER

  • CONFIG_INET_XFRM_MODE_TUNNEL

  • CONFIG_CRYPTO_AES

  • CONFIG_CRYPTO_CBC

  • CONFIG_CRYPTO_HMAC

  • CONFIG_CRYPTO_SHA1