Hey
I am trying to establish an IPSec with IKEv2 between VyOS and other vendors but the issue is that Vyos is not supported integrity in ESP mode.
I want to have the below parameters and this is my configuration:
IKEv2
phase-1 parameters:
DH group: 14
authentication: aes256
integrity: hmac-sha2-256
hash: SHA2-256
lifetime: 86400
phase-2 parameters:
Encryption protocol mode: ESP tunnel
authentication: aes256
hash: sha256
PFS: none
lifetime: 3600
set esp-group VR02_esp lifetime ‘3600’
set esp-group VR02_esp mode ‘tunnel’
set esp-group VR02_esp pfs ‘disable’
set esp-group VR02_esp proposal 1 encryption ‘aes256’
set esp-group VR02_esp proposal 1 hash ‘sha256’
set ike-group VR02_ike key-exchange ‘ikev2’
set ike-group VR02_ike lifetime ‘86400’
set ike-group VR02_ike proposal 1 dh-group ‘14’
set ike-group VR02_ike proposal 1 encryption ‘aes256’
set ike-group VR02_ike proposal 1 hash ‘sha256’
but there is nowhere to configure integrity: hmac-sha2-256
regards
Keyvan