List: strongswan-users
Subject: Re: [strongSwan] Rekey by Datavolume + store public key
From: Andreas Steffen <andreas.steffen () strongswan ! org>
Date: 2008-09-22 22:35:59
Message-ID: 48D81DCF.2040800 () strongswan ! org
Hi Tobias,
tobias.gruber@uni-ulm.de wrote:
> Hello,
>
> is it possible to rekey by data volume? I only find a solution with time (sec).
>
rekeying by data volume is currently not supported. The native
NETKEY IPsec stack of the Linux 2.6 kernel is able to count transferred
bytes but we do not currently configure a volume threshold.
> and a 2nd question:
> is there a possibility to store the public key (certificate) of the
> server on the client, so that the certificate must not be transferred
> every time the client sets up a connection to the vpn server?
>
Yes, it is possible to store a peer certificate locally and to
suppress the in-band exchange of certificates via IKE.
For IKEv1 define:

config setup
    nocrsend=yes              # suppresses CR payload

conn xxx
    rightcert=peerCert.pem
    leftsendcert=never        # suppresses CERT payload

as in the IKEv1 example scenario
http://www.strongswan.org/uml/testresults42/ikev1/default-keys/
and for IKEv2 define:

conn xxx
    rightcert=peerCert.pem
    leftcert=myCert.pem
    rightsendcert=never       # suppresses CR payload
    leftsendcert=never        # suppresses CERT payload

as in the IKEv2 example scenario
http://www.strongswan.org/uml/testresults42/ikev2/default-keys/
> Regards
> Tobias
Best regards
Andreas
======================================================================
Andreas Steffen andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
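
A lint for the settings described in the reply above, as an added example that is not part of the original message and is not strongSwan code: it flags any conn that sends no certificate request (nocrsend=yes or rightsendcert=never) without storing the peer certificate in rightcert. The function names, the sample configuration and the rule itself are assumptions of this example, and also= and include directives are not resolved.

```python
# Added example (not strongSwan code). Assumed rule: a conn that sends no
# certificate request needs the peer certificate stored locally (rightcert).
SAMPLE = """\
config setup
    nocrsend=yes              # suppresses CR payload
conn %default
    leftcert=myCert.pem
    leftsendcert=never
conn pinned
    rightcert=peerCert.pem
    rightsendcert=never
conn unpinned
    right=192.0.2.10
conn shared-secret
    authby=secret
"""  # constructed sample, not a real deployment

def parse_ipsec_conf(text):
    """Return {(section_type, name): {key: value}} for ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented: section header
            kind, name = (line.split(None, 1) + [""])[:2]
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections

def conns_missing_peer_cert(text):
    """Names of certificate-authenticated conns that request no peer
    certificate in-band and also pin none with rightcert."""
    sections = parse_ipsec_conf(text)
    setup = sections.get(("config", "setup"), {})
    default = sections.get(("conn", "%default"), {})
    flagged = []
    for (kind, name), opts in sections.items():
        if kind != "conn" or name == "%default":
            continue
        eff = {**default, **opts}                 # %default is inherited
        if eff.get("authby") in ("secret", "psk"):
            continue                              # no certificates involved
        no_request = (setup.get("nocrsend") == "yes"
                      or eff.get("rightsendcert") == "never")
        if no_request and "rightcert" not in eff:
            flagged.append(name)
    return flagged
```

leftsendcert=never cannot be checked from one side: it requires the peer to hold this host's certificate, so the same lint has to be run against the peer's configuration as well.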