Messages

Would it be possible to use aliases to define local and remote subnets in IPSEC connections setup?

I'll try that next week.

Where in the GUI should I use it?

PSK definition or Remote Identity in Connection setup?

Can I use DNS type then in the GUI of the new IPSEC?

"If the value has the form <type>:<value> (supported since version 5.2.2), the type and value are explicitly specified:

The following types are known: ipv4, ipv6, ipv4net, ipv6net, ipv4range, ipv6range, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn and keyid. Custom type prefixes may be specified by surrounding the numerical type value with curly brackets."

I need it to resolv the hostname from Remote Endpolint and use IP as Remote Identity. Thats how it worked before. I don't see how I can do that now. If I put the hostname in Remote Authentication it does not resolv it and use the IP.

How do I configure IPSEC in the new connections with remote endpoint as hostname and Identities as IP addresses?

In the old config I just put hostname in Remote Endpoint and setup PSK and setup Identities to My IP and Remote IP.

How do I configure that in the new IPSEC PSK setup?

ok, I have not tried to find it in IPSEC new connections before now. Only in legacy IPSEC. I'll update to DH14 I think.

ok,

Is aes256-sha256-modp1024[DH2] / AES (256 bits) + SHA256 + DH Group 2 not an option with the new connection proposals. I'm having one IPSEC IKEv1 using it.

It does work now :)

Thank you.

Hi,

After updating to 23.7.7 I can no longer choose aes128gcm16-aesxcbc-modp2048 in new IPSEC Connections Proposals.

Thank you

When using the new IPSEC "connections" Automatically generated rules for IPSEC is no longer created.

Why do I have to setup the IPSEC local and remote IDs 2 times in 23.7?

In both "Pre-shared Keys" menu and in Authentication section of Connection setup.

sorry - now I seen it...

In 23.7 the enable IPSEC is still in Tunnel Settings [legacy]. If disabled in legacy the new "Connections" does not start.