Feature Request: IPsec IKEv1 + IKEv2 for one peer
Closed, Resolved | Public | FEATURE REQUEST

Description

Searching for a simple way to set two protocols (IKEv1 + IKEv2) at once for one IPsec (site-to-site) peer.

It is useful for migrating from IKEv1 to IKEv2.
Cisco ASA has a similar feature:

crypto map outside_map0 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map0 1 set ikev2 ipsec-proposal 3DES AES

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.0-epa3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Pull request:
https://github.com/vyos/vyatta-cfg-vpn/pull/51
Create an IKE group without the "key-exchange" command (as in VyOS 1.4):

set vpn ipsec ike-group IKEgroup close-action 'none'
set vpn ipsec ike-group IKEgroup ikev2-reauth 'no'
set vpn ipsec ike-group IKEgroup lifetime '86400'
set vpn ipsec ike-group IKEgroup proposal 10 encryption 'aes256'
set vpn ipsec ike-group IKEgroup proposal 10 hash 'sha1'
set vpn ipsec ike-group IKEgroup proposal 10 dh-group '5'
Viacheslav changed the subtype of this task from "Task" to "Feature Request". Mon, Nov 22, 11:41 AM
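
Added example (not part of the ticket or of the VyOS code base): the comment above enables both IKE versions by leaving "key-exchange" out of the ike-group, so this script lists the site-to-site peers still bound to such an unpinned group, which is what needs tracking until the migration to IKEv2 is finished. The IKEv2only group and both peer addresses are constructed; the "key-exchange 'ikev2'" and "site-to-site peer ... ike-group" lines are assumed to follow standard VyOS syntax.

```python
import shlex
from collections import defaultdict

# Constructed sample in VyOS "set" format. IKEgroup is the group from the
# comment above; IKEv2only and both peers are made up for this example.
SAMPLE_CONFIG = """\
set vpn ipsec ike-group IKEgroup close-action 'none'
set vpn ipsec ike-group IKEgroup ikev2-reauth 'no'
set vpn ipsec ike-group IKEgroup lifetime '86400'
set vpn ipsec ike-group IKEgroup proposal 10 encryption 'aes256'
set vpn ipsec ike-group IKEgroup proposal 10 hash 'sha1'
set vpn ipsec ike-group IKEgroup proposal 10 dh-group '5'
set vpn ipsec ike-group IKEv2only key-exchange 'ikev2'
set vpn ipsec ike-group IKEv2only proposal 10 encryption 'aes256'
set vpn ipsec site-to-site peer 192.0.2.10 ike-group 'IKEgroup'
set vpn ipsec site-to-site peer 192.0.2.20 ike-group 'IKEv2only'
"""

def parse_ike_versions(config_text):
    """Return ({ike_group: pinned version or None}, {peer: ike_group})."""
    groups, peers = {}, {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # also strips the quotes around values
        if tok[:3] != ["set", "vpn", "ipsec"]:
            continue
        if len(tok) >= 5 and tok[3] == "ike-group":
            groups.setdefault(tok[4], None)  # seen, version not pinned yet
            if len(tok) >= 7 and tok[5] == "key-exchange":
                groups[tok[4]] = tok[6]
        elif (len(tok) >= 8 and tok[3:5] == ["site-to-site", "peer"]
              and tok[6] == "ike-group"):
            peers[tok[5]] = tok[7]
    return groups, peers

def unpinned_peers(config_text):
    """Map each ike-group without key-exchange to the peers that use it."""
    groups, peers = parse_ike_versions(config_text)
    result = defaultdict(list)
    for peer, group in sorted(peers.items()):
        if group in groups and groups[group] is None:
            result[group].append(peer)
    return dict(result)

if __name__ == "__main__":
    for group, plist in unpinned_peers(SAMPLE_CONFIG).items():
        print(f"{group}: no key-exchange set, used by {', '.join(plist)}")
```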