IPSec Advanced Settings

Version 0.1 (02 May 2018)

Advanced IPSec Settings

The available IPSec implementation supports a wide range of additional settings which can be used to adjust the behavior and security. The samples in this guide only highlight the basics.

Below is a list of some additional settings which can be used.

| Setting | Example Value | Comment |
|---|---|---|
| ike | aes256-sha2;dh21 | IKE encryption/authentication algorithm to be used for the connection. |
| ikev2 | insist | IKEv2 (RFC 7296) settings to be used. Options are: permit (default), never, propose, insist. |
| dpddelay | 2 | Set the delay (in time units, defaults to seconds) between Dead Peer Detection or IKEv2 Liveness keepalives that are sent for this connection (default 0 seconds). If dpddelay is set, dpdtimeout also needs to be set. |
| dpdtimeout | 6 | Set the length of time that we will idle without hearing back from our peer. |
| salifetime | 24h | How long a particular instance of a connection should last, from successful negotiation to expiry (default 8h, maximum 24h). Normally, the connection is renegotiated (via the keying channel) before it expires. |
| ikelifetime | | |
| metric | 100 | Set the metric for the routes to the ipsecX or mastX interface. |
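
The constraints stated in the table (dpdtimeout required when dpddelay is set, salifetime at most 24h, the four listed ikev2 options) can be checked before a connection is loaded. The Python lint below is an added example, not part of the original guide or the product; the `key=value` conn block layout, the `s`/`m`/`h`/`d` unit suffixes, the sample connection `site-a` and all function names are assumptions.

```python
import re

# Constructed sample conn block; values are based on the table's examples,
# with two deliberate mistakes (no dpdtimeout, salifetime above the maximum).
SAMPLE = """\
conn site-a
    ike=aes256-sha2;dh21
    ikev2=insist
    dpddelay=2
    salifetime=48h
"""

IKEV2_VALUES = {"permit", "never", "propose", "insist"}  # options listed in the table
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}         # assumed unit suffixes
MAX_SALIFETIME = 24 * 3600                                # "maximum 24h" per the table


def to_seconds(value):
    """Convert '24h', '90m' or a bare number (seconds) to seconds; None if malformed."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip().lower())
    return int(m.group(1)) * UNITS[m.group(2) or "s"] if m else None


def parse_conn(text):
    """Collect key=value pairs from one conn block, skipping comments and the conn line."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def lint_conn(text):
    """Return a list of findings for the constraints stated in the settings table."""
    opts, findings = parse_conn(text), []
    if "dpddelay" in opts and "dpdtimeout" not in opts:
        findings.append("dpddelay is set but dpdtimeout is missing")
    if opts.get("ikev2", "permit").lower() not in IKEV2_VALUES:
        findings.append("ikev2 value %r is not one of the listed options" % opts["ikev2"])
    if "salifetime" in opts:
        secs = to_seconds(opts["salifetime"])
        if secs is None:
            findings.append("salifetime %r is not a valid time value" % opts["salifetime"])
        elif secs > MAX_SALIFETIME:
            findings.append("salifetime %s exceeds the 24h maximum" % opts["salifetime"])
    return findings


if __name__ == "__main__":
    for finding in lint_conn(SAMPLE):
        print("site-a:", finding)
```
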
