TunnelConfig

TunnelConfig
TunnelConfig

This configuration captures phase two negotiation parameters and tunnel properties.

JSON Example
{
    "perfectForwardSecrecyEnabled": false,
    "dfPolicy": {},
    "dhGroups": [
        {}
    ],
    "digestAlgorithms": [
        {}
    ],
    "encryptionAlgorithms": [
        {}
    ],
    "saLifeTime": 0
}
boolean
perfectForwardSecrecyEnabled
Optional

If true, perfect forward secrecy is enabled. The default value is true.

dfPolicy
Optional

Defragmentation Policy helps to handle defragmentation bits present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.

Possible values are : COPY, CLEAR,
dhGroups
Required

The list of Diffie-Helman groups to be used is PFS is enabled. Default is GROUP14.

digestAlgorithms
Optional

The list of Digest algorithms to be used for message digest. The default digest algorithm is implictly covered by default encrpyption algorithm AES_GCM_128.

encryptionAlgorithms
Required

The list of Encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, digest algorithm should be empty.

integer
saLifeTime
Optional

The Security Association life time in seconds. Default is 3600 seconds.

Availability
Added in 33.0