
List:       openikev2-users
Subject:    [openikev2-users] peer section in configuration file
From:       alejandro_perez () dif ! um ! es (Alejandro Perez Mendez)
Date:       2006-07-10 16:15:51
Message-ID: 1152541363.22849.13.camel () diffie


> Hello, everyone!

Hi
 
>   I am configuring openikev2 on the Fedora Core platform.
>   I am focused on the peer section and anonymous section.
>   But I don't know which section I should configure.

There should be a peer section for each concrete peer (or peer group)
you desire to communicate with using specific parameters.

The anonymous section is applied (if it exists) to all the peers that
don't have a specific peer section.


>   Should peer section be applied to host-host or tunnel-tunnel model?

Peer section is applied to both host-host and tunnel-tunnel depending on
the security policies. The peer section specifies the concrete
algorithms to be used, not the ipsec mode.

>   And in the peer section, what does peer_id stand for, and what is the
> difference between peer_id and my_id in the ike_sa section?

peer_id specifies the ID of the peer (or the IDs of the peers) matching
the concrete peer section. If the received ID of the peer (in the
IKE_AUTH exchange) doesn't match any peer section, the anonymous section
is applied.

my_id is the ID we will send to the peer in the IKE_AUTH exchange.

Best regards!

