User manual
19: Configuring IPSec
_______________________________________________________________________________________________________
An example of a typical set of common settings for strongSwan is shown below.

root@VA_router:~# uci show Strongswan.general
Strongswan.general=general
Strongswan.general.strictcrlpolicy=no
Strongswan.general.cachecrls=no
Strongswan.general.uniqueids=yes
Strongswan.general.ikev1enabled=yes

config 'general' 'general'
        option 'strictcrlpolicy' 'no'
        option 'cachecrls' 'no'
        option 'uniqueids' 'yes'

19.2 Connection settings
Use this section to define the parameters for an IPSec tunnel.

Name            Type    Required  Default                     Description
--------------  ------  --------  --------------------------  -----------------------------------------------------------
type            string  yes       tunnel                      Defines whether the connection is tunnel or transport mode.
name            string  yes       none                        Specifies a name for the tunnel.
waniface        string  yes       none                        Defines the WAN interface used by this tunnel.
xauth_identity  string  no        none                        Defines the Xauth ID.
authby          string  no        psk                         Defines the authentication method.
                                                              Available options: psk, xauthpsk.
Aggressive      string  no        no                          Enables aggressive mode.
localid         string  yes       none                        Defines the local peer identifier.
locallan        string  yes       none                        Defines the IP address of the local LAN.
locallanmask    string  yes       none                        Defines the subnet of the local LAN.
remoteid        string  yes       none                        Sets the remote peer identifier.
remoteaddress   string  yes       none                        Sets the public IP address of the remote peer.
remotelan       string  yes       none                        Sets the IP address of the LAN serviced by the remote peer.
remotelanmask   string  yes       none                        Sets the subnet of the remote LAN.
Ike             string  yes       aes128-sha1-modp2048,3des-  Specifies the IKE algorithm to use.
                                                              The format is: encAlgo-authAlgo-DHGroup
                                                              encAlgo: 3des, aes, serpent, twofish, blowfish
                                                              authAlgo: md5, sha, sha2
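
A check for the Aggressive, authby and Ike values described above, as an added shell example that is not part of the manual: it splits each proposal in the encAlgo-authAlgo-DHGroup format and reports 64-bit block ciphers, MD5, DH groups below 2048 bits, and aggressive mode combined with a pre-shared key. The function names, finding labels and sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Function names and labels are hypothetical.

# audit_ike PROPOSALS: print one finding per line for a comma-separated list
# of encAlgo-authAlgo-DHGroup proposals; print nothing if every one passes.
audit_ike() {
    old_ifs=$IFS
    IFS=,
    set -f                      # no glob expansion while splitting on commas
    set -- $1
    set +f
    IFS=$old_ifs
    for p in "$@"; do
        case $p in
            *-*-*-*|-*|*--*|*-)  # too many fields, or an empty field
                echo "MALFORMED $p: expected encAlgo-authAlgo-DHGroup"; continue ;;
            *-*-*) ;;            # exactly three non-empty fields
            *)  echo "MALFORMED $p: expected encAlgo-authAlgo-DHGroup"; continue ;;
        esac
        enc=${p%%-*}; rest=${p#*-}
        auth=${rest%%-*}; dh=${rest#*-}
        case $enc in
            3des*|blowfish*) echo "WEAK $p: $enc is a 64-bit block cipher" ;;
        esac
        case $auth in
            md5*) echo "WEAK $p: $auth is a deprecated hash" ;;
        esac
        case $dh in
            modp768|modp1024|modp1536) echo "WEAK $p: $dh is below 2048 bits" ;;
        esac
    done
}

# audit_conn AGGRESSIVE AUTHBY IKE: adds the aggressive-mode check. Both authby
# values listed in the table (psk, xauthpsk) rely on a pre-shared key, and
# IKEv1 aggressive mode sends a hash derived from that key unencrypted.
audit_conn() {
    case "$1:$2" in
        [Yy]es:*psk)
            echo "RISK aggressive=$1 authby=$2: PSK hash exposed to offline guessing" ;;
    esac
    audit_ike "$3"
}

# Constructed sample values (not taken from a real device).
audit_conn yes psk "aes128-sha1-modp2048,3des-md5-modp1024"
```

A proposal that is cut short, such as a trailing `3des-`, is reported as MALFORMED rather than guessed at.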
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 122 of 255