© Virtual Access 2018
GW2020 Series User Manual
Issue: 2.1
Web: ESP algorithm
UCI: strongswan.@connection[X].esp
Opt: esp
Specifies the esp algorithm to use.
The format is: encAlgo | authAlgo | DHGroup
encAlgo: 3des, aes128, aes256, serpent, twofish, blowfish
authAlgo: md5, sha, sha2
DHGroup: modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
For example, a valid ESP algorithm value is: aes128-sha-modp1536.
If no DH group is defined then PFS is disabled.
Web: WAN Interface
UCI: strongswan.@connection[X].waniface
Opt: waniface
This is a space separated list of the WAN interfaces the router
will use to establish a tunnel with the secure gateway.
On the web, a list of the interface names is automatically
generated. If you want to specify more than one interface use
the “custom” value.
Example: If you have a 3G WAN interface called ‘wan’ and a
WAN ADSL interface called ‘dsl’ and wanted to use one of these
interfaces for this IPSec connection, you would use: ‘wan adsl’.
Web: IKE Life Time
UCI: strongswan.@connection[X].ikelifetime
Opt: ikelifetime
Specifies how long the keying channel of a connection (ISAKMP
or IKE SA) should last before being renegotiated.
Default: 3h
Timespec, for example: 1d, 3h, 25m, 10s.
Web: Key Life
UCI: strongswan.@connection[X].keylife
Opt: keylife
Specifies how long a particular instance of a connection (a set of
encryption/authentication keys for user packets) should last,
from successful negotiation to expiry.
Normally, the connection is renegotiated (via the keying
channel) before it expires (see rekeymargin).
Default: 1h
Timespec, for example: 1d, 1h, 25m, 10s.
Web: Rekey Margin
UCI: strongswan.@connection[X].rekeymargin
Opt: rekeymargin
Specifies how long before connection expiry or keying-channel
expiry attempts to negotiate a replacement should begin.
Relevant only locally, other end need not agree on it.
Default: 9m
Timespec, for example: 1d, 2h, 9m, 10s.
Web: Keyring Tries
UCI: strongswan.@connection[X].keyringtries
Opt: keyringtries
Specifies how many attempts (a positive integer or %forever)
should be made to negotiate a connection, or a replacement for
one, before giving up. The value %forever means 'never give
up'. Relevant only locally, other end need not agree on it.
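
The following check is an added example, not part of the original manual or the router firmware. It validates an esp value against the algorithm lists above, reports when a missing DH group leaves PFS disabled, and reports a rekeymargin that is not shorter than ikelifetime or keylife. It assumes encAlgo and authAlgo are both required, a timespec is one whole number followed by s, m, h or d, and unset lifetimes take the values 3h, 1h and 9m shown above; the function names and SAMPLE values are constructed for illustration.

```python
import re

# Allowed tokens, exactly as listed in the ESP algorithm entry above.
ENC = {"3des", "aes128", "aes256", "serpent", "twofish", "blowfish"}
AUTH = {"md5", "sha", "sha2"}
DH = {"modp1024", "modp1536", "modp2048", "modp3072",
      "modp4096", "modp6144", "modp8192"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def timespec_seconds(value):
    """Convert a timespec such as 3h, 25m or 10s to seconds (assumed syntax)."""
    m = re.fullmatch(r"(\d+)([smhd])", value)
    if not m:
        raise ValueError(f"bad timespec {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_esp(value):
    """Split encAlgo-authAlgo[-DHGroup]; DHGroup is None when omitted."""
    parts = value.split("-")
    if len(parts) not in (2, 3):
        raise ValueError(f"expected encAlgo-authAlgo[-DHGroup], got {value!r}")
    enc, auth = parts[0], parts[1]
    dh = parts[2] if len(parts) == 3 else None
    if enc not in ENC or auth not in AUTH or (dh is not None and dh not in DH):
        raise ValueError(f"unknown algorithm in {value!r}")
    return enc, auth, dh

def lint_connection(opts):
    """Return a list of findings for one connection's options (a dict)."""
    findings = []
    try:
        if parse_esp(opts.get("esp", ""))[2] is None:
            findings.append("esp: no DH group defined, PFS is disabled")
    except ValueError as err:
        findings.append(f"esp: {err}")
    margin = timespec_seconds(opts.get("rekeymargin", "9m"))
    for name, default in (("ikelifetime", "3h"), ("keylife", "1h")):
        if margin >= timespec_seconds(opts.get(name, default)):
            findings.append(f"{name}: rekeymargin is not shorter than {name}")
    return findings

# Constructed sample: DH group omitted and keylife shorter than rekeymargin.
SAMPLE = {"esp": "aes128-sha", "ikelifetime": "3h",
          "keylife": "5m", "rekeymargin": "9m"}

if __name__ == "__main__":
    for finding in lint_connection(SAMPLE):
        print(finding)
```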