26: Configuring IPSec
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 220 of 350
Web Field/UCI/Package Option
Web: Enable strongswan
UCI: strongswan.general.enable
Opt: enabled
Enables or disables IPSec.
Web: Strict CRL Policy
UCI: strongswan.general.strictcrlpolicy
Opt: strictcrlpolicy
Defines if a fresh CRL must be available for the peer
authentication based on RSA signatures to succeed.
The IKEv2 application additionally recognizes the
“ifuri” option which reverts to ‘yes’ if at least one
CRL URI is defined and to ‘no’ if no URI is known.
Web: Unique IDs
UCI: strongswan.general.uniqueids
Opt: uniqueids
Defines whether a particular participant ID should be kept
unique, with any new (automatically keyed) connection using an
ID from a different IP address deemed to replace all old ones
using that ID.
Participant IDs normally are unique, so a new (automatically-
keyed) connection using the same ID is almost invariably
intended to replace an old one.
Rejects new IKE SA and keep the duplicate
established earlier
Web: Cache CRLs
UCI: strongswan.general.cachecrls
Opt: cachecrls
Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP will
be cached in /etc/ipsec.d/crls/ under a unique file name derived
from the certification authority's public key.
Web: Debug
UCI: strongswan.general.debug
Opt: debug
Enable debugging. This option is used for trouble shooting issues.
It is not suitable for a production environment.
Debug enabled. Shows generic control flow with
errors and very basic auditing logs.
Debug enabled. Most verbose logging also
includes sensitive information such as keys.
Table 73: Information table for IPSec common settings
26.2.2 Common settings: configure connection
Figure 117: The configuring IPSec settings
To Next Page
Loading...