home.social

#geekadventures — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #geekadventures, aggregated by home.social.

  1. Wow! After delving into IPsec strongSwan rekeying, I now know that the initial 'data key' (Child SA) is like a quick handshake with no fancy secret exchange (PFS) (RTFM! [1]). However, for rekeys, it's full secret agent handshake mode! Writing the GitHub bug report, which turned out not to be a bug, helped me to understand my situation better. [2] Finally migrated to the new IPsec connection setup in OPNsense and updated my blog post. [3]

    (Now I expect to get answers, aka 'Use WireGuard!')

    [1]: docs.strongswan.org/docs/lates
    [2]: github.com/opnsense/core/issue
    [3]: du.nkel.dev/blog/2021-11-19_pf

    #IPsec #PFS #strongSwan #GeekAdventures #OPNsense
