ipsec

准备环境 1 主机ip:192.168.0.107 2 VPN服务器: ens32:192.168.0.102 ens33:127.16.1.10 环境测试 modprobe ppp-compress-18 && echo yes cat /dev/net/tun 软件安装 [root@localhost ~]# yum install -y xl2tpd libreswan lsof 注意：若无法安装xl2tp yum install -y epel-release xl2tpd.conf [root@localhost ~]# vim /etc/xl2tpd/xl2tpd.conf [global] [lns default] ip range = 172.16.1.100-172.16.1.199 local ip = 172.16.1.10 require chap = yes refuse pap = yes require authentication = yes name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yess options.xl2tpd [root@localhost ~]# vim /etc/ppp/options.xl2tpd

I have a Confusion regarding rekeying Procedure of IKE_SA in IKEv2. MY confusion is when rekeying of IKE_SA is done whether its repective Keys of CHILD_SAs ie. ESP or AH SAs would be change or not. As per rfc 7296, in rekeying procedure of IKE_SA new SKEYSEED would be generate and then new set of {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr} = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr). i.e. new Sk_d is generated.So, using these new values whether new keymat would be generated or not by this way, KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr). and would using this new ESP/AH Keys would be

Closed. This question is off-topic . It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . IPSec is employed at the IP level, SSL at the transport level and PGP at the application level. In some lecture not it says: IPSEC: Most general solution but least flexible SSL: Still very general and some flexibility PGP: Least general but very flexibel. I guess the general refers to what kind of protocol I can secure. With IPSEC I can secure everything that uses TCP or UDP. PGP is the least general because it