
Notes:
The Internet Key Exchange protocol (IKE) is used to set up and manage the connections. The protocol runs over UDP port 500. Using IKE, both parties authenticate each other and exchange their keys.
This usually happens in two phases:
Phase 1:
In phase one IKE is used to set up a bidirectional ISAKMP SA (Internet Security Association and Key Management Protocol Security Association). This is the foundation for all tunnels to be set up between the two parties.
Phase 2:
In the second phase the unidirectional connections between the gateways are negotiated under the protection of the ISAKMP SA. These connections implement the actual tunnels, which authenticate and encrypt the traffic. Since they are unidirectional by nature, they are usually negotiated pairwise (one for each direction).
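To make the two phases visible on the wire, the following added example (not code from the notes or from the FreeS/WAN project) parses the fixed ISAKMP header of an IKEv1 datagram received on UDP/500 and classifies it as a phase 1 exchange (Main or Aggressive Mode, message ID 0, building the ISAKMP SA) or a phase 2 exchange (Quick Mode, non-zero message ID, negotiating the IPsec SAs). The two sample datagrams are constructed, not captured traffic.

```python
import struct
from dataclasses import dataclass

# ISAKMP header (RFC 2408 sec. 3.1): initiator cookie, responder cookie,
# next payload, version (major/minor nibbles), exchange type, flags,
# message ID, total length; all fields in network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
FLAG_ENCRYPTED = 0x01
PHASE1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode"}  # build the ISAKMP SA
PHASE2_EXCHANGES = {32: "Quick Mode"}                      # negotiate IPsec SAs

@dataclass
class IkeHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    exchange_type: int
    encrypted: bool
    message_id: int

    @property
    def phase(self) -> int:
        """1 for ISAKMP SA setup, 2 for IPsec SA negotiation, 0 otherwise."""
        if self.exchange_type in PHASE1_EXCHANGES:
            return 1
        return 2 if self.exchange_type in PHASE2_EXCHANGES else 0

def parse_isakmp(payload: bytes) -> IkeHeader:
    """Parse the fixed header of one IKEv1 datagram received on UDP/500."""
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _np, ver, xtype, flags, msgid, length = ISAKMP_HDR.unpack_from(payload)
    if ver >> 4 != 1:
        raise ValueError(f"not IKEv1 (major version {ver >> 4})")
    if length != len(payload):
        raise ValueError(f"length field {length} != datagram size {len(payload)}")
    hdr = IkeHeader(icookie, rcookie, xtype, bool(flags & FLAG_ENCRYPTED), msgid)
    # Phase 1 runs under message ID 0; Quick Mode uses a fresh non-zero ID.
    if hdr.phase and (hdr.phase == 1) != (msgid == 0):
        raise ValueError(f"message ID {msgid:#x} inconsistent with phase {hdr.phase}")
    return hdr

# Constructed sample datagrams (not captured traffic): the first Main Mode
# message (responder cookie still zero) and an encrypted Quick Mode message.
SAMPLE_MAIN_MODE = ISAKMP_HDR.pack(b"\x01" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 32) + b"\x00" * 4
SAMPLE_QUICK_MODE = ISAKMP_HDR.pack(b"\x01" * 8, b"\x02" * 8, 8, 0x10, 32, 1, 0x1234ABCD, 36) + b"\x00" * 8
```

Run over a monitoring feed, the phase and the encrypted flag are enough to tell ISAKMP SA establishment apart from IPsec SA renegotiation without decrypting anything.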
For the implementation of these tunnels FreeS/WAN supports: 3DES, MD5, SHA and Diffie-Hellman groups 2 and 5.
FreeS/WAN does not implement single DES.