Table of Contents
- 43. IPSec Basics
- 43.1. IPSec
- 43.2. Public-Key Cryptography
- 43.3. Certificates
- 43.4. IKE IDs
- 43.5. Internet Key Exchange (IKE)
- 43.6. Connection Establishment in IKEv1
- 43.7. Connection Establishment in IKEv2
- 43.8. Algorithms
- 43.9. Protection Against Attacks with Quantum Computers
- 43.10. Comparison of IKEv1 to IKEv2
- 43.11. Recommendations
- 44. Key Management
- 45. strongSwan Versions
- 45.1. Configuration conflicts during migration
- 45.2. Differences between strongSwan versions 4 and 6
- 45.2.1. Support for IKEv2
- 45.2.2. Pre-Shared key: The remote peer's IP address as the IKE ID
- 45.2.3. Grouping connections to the same remote peer
- 45.2.4. Handling of Perfect Forward Secrecy (PFS) for Phase 2
- 45.2.5. mode config push vs. pull
- 45.2.6. Welcome message for VPN clients via mode config
- 45.2.7. Hex encoding for Pre-Shared Keys
- 45.2.8. Fragmentation of IKE packets
- 45.2.9. NAT Traversal is always enabled
- 46. Connecting Individual PCs
- 47. VPN with the NCP Secure Entry Windows Client
- 48. VPN with the Shrew Soft VPN Client
- 49. VPN with the NCP Secure Entry macOS Client
- 50. VPN with the Apple iOS devices
- 51. VPN with Android
- 52. Connecting Complete Networks
- 53. Solving IP Address Conflicts in VPNs Through NAT
- 54. Error Diagnosis