
Feature Request: IPsec IKEv1 + IKEv2 for one peer
Closed, Resolved | Public | FEATURE REQUEST

Description

Searching for a simple way to set two protocols (IKEv1 + IKEv2) at once for one IPsec (site-to-site) peer.

It is useful for migrating from IKEv1 to IKEv2.
Cisco ASA has a similar feature:

crypto map outside_map0 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map0 1 set ikev2 ipsec-proposal 3DES AES

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.0-epa3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Unknown Object (User) created this task. Nov 18 2021, 4:30 AM
Unknown Object (User) created this object in space S1 VyOS Public.
Unknown Object (User) added a comment. Edited Nov 20 2021, 9:32 AM

Pull request:
https://github.com/vyos/vyatta-cfg-vpn/pull/51
Create an IKE group without the "key-exchange" command (like in VyOS 1.4):

set vpn ipsec ike-group IKEgroup close-action 'none'
set vpn ipsec ike-group IKEgroup ikev2-reauth 'no'
set vpn ipsec ike-group IKEgroup lifetime '86400'
set vpn ipsec ike-group IKEgroup proposal 10 encryption 'aes256'
set vpn ipsec ike-group IKEgroup proposal 10 hash 'sha1'
set vpn ipsec ike-group IKEgroup proposal 10 dh-group '5'
Unknown Object (User) assigned this task to Unknown Object (User). Nov 22 2021, 7:34 AM
Viacheslav changed the subtype of this task from "Task" to "Feature Request". Nov 22 2021, 11:41 AM
Unknown Object (User) closed this task as Resolved. Nov 25 2021, 2:58 AM
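
For tracking a migration like the one this task describes, the following added example (not part of the task or of VyOS) parses `set` commands and reports which site-to-site peers still accept IKEv1. It assumes, per the comment above, that an ike-group with no "key-exchange" node accepts both versions; the LEGACY, MODERN and MISSING groups and the peer addresses are constructed sample data.

```python
import shlex

# Constructed sample: the ike-group from the comment, plus hypothetical
# LEGACY/MODERN groups and documentation-range peers that reference them.
SAMPLE = """\
set vpn ipsec ike-group IKEgroup close-action 'none'
set vpn ipsec ike-group IKEgroup lifetime '86400'
set vpn ipsec ike-group IKEgroup proposal 10 encryption 'aes256'
set vpn ipsec ike-group LEGACY key-exchange 'ikev1'
set vpn ipsec ike-group MODERN key-exchange 'ikev2'
set vpn ipsec site-to-site peer 192.0.2.1 ike-group 'IKEgroup'
set vpn ipsec site-to-site peer 192.0.2.2 ike-group 'LEGACY'
set vpn ipsec site-to-site peer 192.0.2.3 ike-group 'MODERN'
set vpn ipsec site-to-site peer 192.0.2.4 ike-group 'MISSING'
"""

IKE_GROUP = ["set", "vpn", "ipsec", "ike-group"]
PEER = ["set", "vpn", "ipsec", "site-to-site", "peer"]


def audit_ike_versions(config_text):
    """Return {peer: (ike_group, allowed_versions)} from VyOS set commands."""
    groups, key_exchange, peer_group = set(), {}, {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # strips the quotes around values
        if tok[:4] == IKE_GROUP and len(tok) >= 5:
            groups.add(tok[4])
            if tok[5:6] == ["key-exchange"] and len(tok) >= 7:
                key_exchange[tok[4]] = tok[6]
        elif tok[:5] == PEER and tok[6:7] == ["ike-group"] and len(tok) >= 8:
            peer_group[tok[5]] = tok[7]
    report = {}
    for peer, group in peer_group.items():
        if group not in groups:
            report[peer] = (group, "undefined ike-group")
        else:
            # Assumption: no key-exchange node means both versions are accepted.
            report[peer] = (group, key_exchange.get(group, "ikev1+ikev2"))
    return report


def peers_accepting_ikev1(report):
    """Peers whose ike-group still allows IKEv1 (explicitly or by default)."""
    return sorted(p for p, (_, v) in report.items() if "ikev1" in v)


if __name__ == "__main__":
    for peer, (group, versions) in audit_ike_versions(SAMPLE).items():
        print(f"{peer:12} {group:10} {versions}")
```

Once every peer has moved to IKEv2, `peers_accepting_ikev1` should return an empty list; any peer left in it is still reachable over IKEv1.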