Bug #5990
closed
AES-GCM should be an allowed encryption algorithm for IKEv2 in P1
0%
Description
Can see that GCM options for phase1 IPsec has been removed again at:
https://github.com/pfsense/pfsense/commit/76bec1ab8790964c9714f7f8497edfa1a6c53409
A few topics regarding this already exists but think its time to be sure that the correct options are available on the website for both IKEv1 and IKEv2
https://redmine.pfsense.org/issues/5758
https://redmine.pfsense.org/issues/4042
I have already commented something on github but I think a redesign is needed on the website, since IKEv2 doesnt have a concept of phase 1 and phase 2. The initial exchange in IKEv2 (known as Phase 1 in IKEv1) covers both the establishment of the IKE SA and establishment of the first child SA. Hence in IKEv2 there is no “phase 2” after the initial exchange (at least not until the first child SA needs to be rekeyed).
IKEv2 specification
https://tools.ietf.org/html/rfc7296#section-1.2
“
Communication using IKE always begins with IKE_SA_INIT and IKE_AUTH
exchanges (known in IKEv1 as Phase 1). These initial exchanges
normally consist of four messages, though in some scenarios that
number can grow. All communications using IKE consist of request/
response pairs. We'll describe the base exchange first, followed by
variations. The first pair of messages (IKE_SA_INIT) negotiate
cryptographic algorithms, exchange nonces, and do a Diffie-Hellman
exchange [DH].
”
Difference between IKEv1 and IKEv2
https://tools.ietf.org/html/rfc6071#section-2.3.1
” Protection of IKE messages based on ESP, rather than a method
unique to IKE
”
IKEv2 uses the same protection for IKE messages as for ESP. So if one wants to use GCM for ESP, one will also have to use GCM for IKE messages.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by