Hi!
Trying to setup an IPSec tunnel with a possibly Cisco or Checkpoint device, and they have dh-group 14 on both esp and ike proposals.
Im using VyOS 1.3-rolling-202006081325 and I dont see the option to type that.
Is it possible to have esp-group with dh-group in it?
set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group xxxx
set vpn ipsec esp-group MyESPGroup pfs dh-groupXX
As remarked by @Viacheslav , there you have the command on how to set up dh-group.
Remember, you can always use tab-key for help. For example:
vyos@vyos# set vpn ipsec ike-group IKE-GROUP proposal 1 dh-group <here_press_tab_key_for_help>
Possible completions:
1 Diffie-Hellman group 1 (modp768)
2 Diffie-Hellman group 2 (modp1024)
5 Diffie-Hellman group 5 (modp1536)
14 Diffie-Hellman group 14 (modp2048)
15 Diffie-Hellman group 15 (modp3072)
16 Diffie-Hellman group 16 (modp4096)
17 Diffie-Hellman group 17 (modp6144)
18 Diffie-Hellman group 18 (modp8192)
19 Diffie-Hellman group 19 (ecp256)
20 Diffie-Hellman group 20 (ecp384)
21 Diffie-Hellman group 21 (ecp521)
22 Diffie-Hellman group 22 (modp1024s160)
23 Diffie-Hellman group 23 (modp2048s224)
24 Diffie-Hellman group 24 (modp2048s256)
25 Diffie-Hellman group 25 (ecp192)
26 Diffie-Hellman group 26 (ecp224)
27 Diffie-Hellman group 27 (ecp224bp)
28 Diffie-Hellman group 28 (ecp256bp)
29 Diffie-Hellman group 29 (ecp384bp)
30 Diffie-Hellman group 30 (ecp512bp)
31 Diffie-Hellman group 31 (curve25519)
32 Diffie-Hellman group 32 (curve448)
Thank you very much. I suppose I need to look to other reasons why tunnels aren’t working …