To Next Page

To Previous Page

26: Configuring IPSec

_______________________________________________________________________________________________________

_____________________________________________________________________________________________________

GW1000 Series User Manual

Issue: 1.9 Page 225 of 350

Web: ESP algorithm

UCI: strongswan.@connection[X].esp

Opt: esp

Specifies the esp algorithm to use.

The format is: encAlgo | authAlgo | DHGroup

encAlgo:

3des

aes128

aes256

serpent

twofish

blowfish

authAlgo:

md5

sha

sha2

DHGroup:

modp1024

modp1536

modp2048

modp3072

modp4096

modp6144

modp8192

For example, a valid encryption algorithm is:

aes128-sha-modp1536.

If no DH group is defined then PFS is disabled.

Web: WAN Interface

UCI: strongswan.@connection[X].waniface

Opt: waniface

This is a space separated list of the WAN interfaces the router

will use to establish a tunnel with the secure gateway.

On the web, a list of the interface names is automatically

generated. If you want to specify more than one interface use

the “custom” value.

Example: If you have a 3G WAN interface called ‘wan and a

WAN ADSL interface called ‘dsl’ and wanted to use one of

these interfaces for this IPSec connection, you would use:

‘wan adsl’.

Web: IKE Life Time

UCI: strongswan.@connection[X].ikelifetime

Opt:ikelifetime

Specifies how long the keyring channel of a connection

(ISAKMP or IKE SA) should last before being renegotiated.

Timespec

1d, 3h, 25m, 10s.

Web: Key Life

UCI: strongswan.@connection[X].keylife

Opt: keylife

Specifies how long a particular instance of a connection (a set

of encryption/authentication keys for user packets) should

last, from successful negotiation to expiry.

Normally, the connection is renegotiated (via the keying

channel) before it expires (see rekeymargin).

Timespec

1d, 1h, 25m, 10s.

Web: Rekey Margin

UCI:

strongswan.@connection[X].rekeymargin

Opt: rekeymargin

Specifies how long before connection expiry or keying-

channel expiry should attempt to negotiate a replacement

begin.

Relevant only locally, other end need not agree on it.

Timespec

1d, 2h, 9m, 10s.

Web: Keyring Tries

UCI: strongswan.@connection[X].keyringtries

Opt: keyringtries

Specifies how many attempts (a positive integer or %forever)

should be made to negotiate a connection, or a replacement

for one, before giving up. The value %forever means 'never

give up'. Relevant only locally, other end need not agree on

it.

Brand	virtual access
Model	GW2024P-2
Category	Wireless Router
Language	English

virtual access GW2024P-2 User Manual

Table of Contents

Questions and Answers:

virtual access GW2024P-2 Specifications