5782 ike.config(4) needs additional oakley_group numbers
@@ -310,18 +310,31 @@
Unless specified as optional, elements in the parameter-list must
occur exactly once within a given transform's parameter-list:
oakley_group number
The Oakley Diffie-Hellman group used for IKE SA key derivation.
- The group numbers are defined in RFC 2409, Appendix A, and RFC
- 3526. Acceptable values are currently:
- 1 (768-bit)
- 2 (1024-bit)
- 5 (1536-bit)
- 14 (2048-bit)
- 15 (3072-bit)
- 16 (4096-bit)
+ The group numbers are defined in RFC 2409, Appendix A, RFC
+ 3526, and RFC 5114, section 3.2. Acceptable values are
+ currently:
+ 1 (MODP 768-bit)
+ 2 (MODP 1024-bit)
+ 3 (EC2N 155-bit)
+ 4 (EC2N 185-bit)
+ 5 (MODP 1536-bit)
+ 14 (MODP 2048-bit)
+ 15 (MODP 3072-bit)
+ 16 (MODP 4096-bit)
+ 17 (MODP 6144-bit)
+ 18 (MODP 8192-bit)
+ 19 (ECP 256-bit)
+ 20 (ECP 384-bit)
+ 21 (ECP 521-bit)
+ 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup)
+ 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup)
+ 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup)
+ 25 (ECP 192-bit)
+ 26 (ECP 224-bit)
encr_alg {3des, 3des-cbc, blowfish, blowfish-cdc, des, des-cbc, aes,
aes-cbc}
An encryption algorithm, as in ipsecconf(1M). However, of the
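Review bot: the expanded "Acceptable values" list gives no indication of relative strength, so 1 (MODP 768-bit), 2 (MODP 1024-bit), 3 (EC2N 155-bit) and 4 (EC2N 185-bit) read as equally suitable as 18 (MODP 8192-bit) for IKE SA key derivation. Consider adding a sentence after the list saying that the smaller groups are accepted for interoperability and offer less protection, so an administrator choosing from the list does not default to the first entry. Separately, the unchanged context line for encr_alg lists "blowfish-cdc" where every sibling name ends in "-cbc"; that looks like a typo for "blowfish-cbc" and could be fixed in the same change.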
@@ -690,7 +703,11 @@
Kivinen, T. RFC 3526, More Modular Exponential (MODP) Diffie-Hellman
Groups for Internet Key Exchange (IKE). The Internet Society, Network
Working Group. May 2003.
+ Lepinksi, M. and Kent, S. RFC 5114, Additional Diffie-Hellman Groups for
+ Use with IETF Standards. BBN Technologies, January 2008.
+
+
April 27, 2009 IKE.CONFIG(4)
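Review bot: the author name in the added reference is misspelled, "Lepinksi" should be "Lepinski". The new entry also cites "BBN Technologies, January 2008." where the neighbouring RFC 3526 entry uses "The Internet Society, Network Working Group. May 2003.", so the publisher and date format could be aligned with the existing entries. The two blank "+" lines before the footer look unintended, and the footer date still reads "April 27, 2009" although the page content changes here; bump it if the man page convention is to track the last edit.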