19 Configuring IPSec
IPSec tunnels are handled by strongSwan.
You must configure three sections:
• Common settings
• Connection settings
• Secret settings
Common settings control the overall behaviour of strongSwan. Together, the
connection and secret sections define the required parameters for a two-way
IKEv1 tunnel.
19.1 Common settings
These settings control the overall behaviour of strongSwan. This behaviour is
common across all tunnels.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| Enable StrongSwan IPSec | Boolean | Yes | No | Enables or disables IPSec. |
| strictcrlpolicy | boolean | yes | no | Defines if a fresh CRL must be available for the peer authentication based on RSA signatures to succeed. |
| cachecrls | boolean | yes | no | Defines whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP are cached in /etc/ipsec.d/crls/ under a unique file name derived from the certification authority's public key. |
| Uniqueids | boolean | yes | yes | Defines whether a particular participant ID should be kept unique, with any new (automatically keyed) connection using an ID from a different IP address deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new (automatically keyed) connection using the same ID is almost invariably intended to replace an old one. |
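The following Python audit of these common settings is an added example, not code from the manual or from Virtual Access. It assumes the settings end up in the `config setup` section of strongSwan's ipsec.conf under the lowercase keys `strictcrlpolicy`, `cachecrls` and `uniqueids`; the sample file and the function names are constructed for illustration.

```python
# Defaults as listed in the common settings table above.
DEFAULTS = {"strictcrlpolicy": "no", "cachecrls": "no", "uniqueids": "yes"}

# Constructed sample of an ipsec.conf; not taken from a real device.
SAMPLE_CONF = """\
# ipsec.conf (constructed sample)
config setup
    strictcrlpolicy=no   # peers pass even without a fresh CRL
    cachecrls = yes

conn site-a
    keyexchange=ikev1
    uniqueids=no   # wrong section: the audit must ignore this line
"""

def parse_config_setup(text):
    """Return the key/value pairs of the 'config setup' section only."""
    settings, in_setup = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line opens a section
            in_setup = line.split() == ["config", "setup"]
            continue
        if in_setup and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().lower()
    return settings

def audit(text):
    """Return (effective settings, findings) for the three common settings."""
    effective = {**DEFAULTS, **parse_config_setup(text)}
    findings = []
    if effective["strictcrlpolicy"] == "no":
        findings.append("strictcrlpolicy=no: RSA-signature peer authentication "
                        "succeeds even when no fresh CRL is available")
    if effective["cachecrls"] == "no":
        findings.append("cachecrls=no: fetched CRLs are not kept in /etc/ipsec.d/crls/")
    if effective["uniqueids"] == "no":
        findings.append("uniqueids=no: a new connection does not replace "
                        "old ones that use the same participant ID")
    return effective, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[1]:
        print(finding)
```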
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 121 of 255