TunnelConfig
This configuration captures phase two negotiation parameters and tunnel properties.
{
"perfectForwardSecrecyEnabled": false,
"dfPolicy": {},
"dhGroups": [
{}
],
"digestAlgorithms": [
{}
],
"encryptionAlgorithms": [
{}
],
"saLifeTime": 0
}
If true, perfect forward secrecy is enabled. The default value is true.
Defragmentation Policy helps to handle defragmentation bits present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.
The list of Diffie-Helman groups to be used is PFS is enabled. Default is GROUP14.
The list of Digest algorithms to be used for message digest. The default digest algorithm is implictly covered by default encrpyption algorithm AES_GCM_128.
The list of Encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, digest algorithm should be empty.
The Security Association life time in seconds. Default is 3600 seconds.