2.2.1.2.238 IKEV2_TUNNEL_CONFIG_PARAMS_2

The IKEV2_TUNNEL_CONFIG_PARAMS_2 structure<167> is used to get or set configured parameters for IKEv2 devices [RFC4306].


Field layout, in order (each row of the diagram is 32 bits wide, bits 0 through 31):

dwIdleTimeout
dwNetworkBlackoutTime
dwSaLifeTime
dwSaDataSizeForRenegotiation
dwConfigOptions
dwTotalCertificates
certificateNames (variable)
...
machineCertificateName (variable)
...
dwEncryptionType
customPolicy
...

dwIdleTimeout (4 bytes): Same as dwIdleTimeout in IKEV2_TUNNEL_CONFIG_PARAMS_1.

dwNetworkBlackoutTime (4 bytes): Same as dwNetworkBlackoutTime in IKEV2_TUNNEL_CONFIG_PARAMS_1.

dwSaLifeTime (4 bytes): Same as dwSaLifeTime in IKEV2_TUNNEL_CONFIG_PARAMS_1.

dwSaDataSizeForRenegotiation (4 bytes): Same as dwSaDataSizeForRenegotiation in IKEV2_TUNNEL_CONFIG_PARAMS_1.

dwConfigOptions (4 bytes): Same as dwConfigOptions in IKEV2_TUNNEL_CONFIG_PARAMS_1.

dwTotalCertificates (4 bytes): Same as dwTotalCertificates in IKEV2_TUNNEL_CONFIG_PARAMS_1.

certificateNames (variable): Same as certificateNames in IKEV2_TUNNEL_CONFIG_PARAMS_1.

machineCertificateName (variable): This MUST be a CERT_BLOB_1. This member specifies the certificate configured to be sent to the peer for authentication during the main mode (MM SA) negotiation [RFC4306] for the IKEv2 tunnel-based VPN connections. A zero (0) value for the cbData member of CERT_BLOB_1 indicates that no certificate is configured.

dwEncryptionType (4 bytes): Specifies the encryption type to be negotiated during the SA negotiation [RFC4306] for the IKEv2 tunnel-based VPN connections. This SHOULD have one of the values in the following table.

Value   Meaning
0       RRAS will not negotiate encryption.
1       RRAS requests encryption during negotiation. Negotiation will succeed even if remote RRAS does not support encryption.
2       RRAS requires encryption to be negotiated.
3       RRAS requires maximum-strength encryption to be negotiated.

customPolicy (8 bytes): This MUST be a pointer to ROUTER_CUSTOM_IKEv2_POLICY_0 that specifies the custom IKEv2 configurations to be used during the SA negotiation [RFC4306]. The NULL value for this member indicates that no custom IKEv2 configuration is available.