| Product | ZASTAVA TestServer (build 4249, 28 March 2024) | |
| Test server IP address | 82.138.51.188 | |
| Test server IKE ports | udp:500, udp:4500, tcp:4500 | |
| Internal IP addresses to test connection | 10.0.0.2 (ping, http) | |
| Supported features | ||
| IKEv2 | RFC 7296 | |
| IKEv2 MOBIKE | RFC 4555 | |
| IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) | RFC 4754 | |
| IKEv2 Redirect (*) | RFC 5685 | |
| IKEv2 Session Resumption | RFC 5723 | |
| IKEv2 Childless IKE SA | RFC 6023 | |
| IKEv2 Quick Crash Detection | RFC 6290 | |
| IKEv2 High Availability Cluster (**) | RFC 6311 | |
| IKEv2 Fragmentation | RFC 7383 | |
| IKEv2 Signature Authentication | RFC 7427 | |
| IKEv2 NULL Authentication | RFC 7619 | |
| ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec | RFC 7634 | |
| IKEv2 Clone IKE SA | RFC 7791 | |
| IKEv2 Puzzles (*) | RFC 8019 | |
| Curve25519 and Curve448 for the IKEv2 Key Agreement | RFC 8031 | |
| IKEv2 and ESP over TCP | RFC 8229 | |
| IKEv2 Split DNS | RFC 8598 | |
| Mixing Preshared Keys in IKEv2 for Post-quantum Security | RFC 8784 | |
| Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2) | RFC 9242 | |
| Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security | draft-smyslov-ipsecme-ikev2-qr-alt-04, draft-ietf-ipsecme-ikev2-qr-alt-00 | |
| Multiple Key Exchanges in IKEv2 | RFC 9370 | |
| Beyond 64KB Limit of IKEv2 Payloads | draft-tjhai-ikev2-beyond-64k-limit-03 | |
| A Larger Internet Key Exchange version 2 (IKEv2) Payload | draft-nir-ipsecme-big-payload-03 | |
| Testing configuration details | ||
| IKE Algorithms | CIPHER | ENCR_AES_GCM_16 (256 bit) ENCR_AES_GCM_8 (256 bit) ENCR_CHACHA20_POLY1305 ENCR_AES_CBC (256 bits) ENCR_AES_CBC (128 bits) |
| PRF | SHA2_256-HMAC |
|
| AUTH | AUTH_HMAC_SHA2_256_128 | |
| KE | X25519 X448 MODP_2048 MODP_3072 MODP_4096 MODP_1536 |
|
| AKE1-AKE7 | MODP_1536 MODP_3072 MODP_4096 MODP_2048 X25519 X448 FRODOKEM_640_AES FRODOKEM_976_AES FRODOKEM_1344_AES FRODOKEM_640_SHAKE FRODOKEM_976_SHAKE FRODOKEM_1344_SHAKE HQC_128 HQC_192 HQC_256 KYBER512 KYBER768 KYBER1024 KYBER512_90S KYBER768_90S KYBER1024_90S NTRU_HPS_2048_509 NTRU_HPS_2048_677 NTRU_HPS_4096_821 NTRU_HRSS_701 NTRULPR_653 NTRULPR_761 NTRULPR_857 SNTRUP_653 SNTRUP_761 SNTRUP_857 LIGHTSABER_KEM SABER_KEM FIRESABER_KEM SIDH_P434 SIDH_P434_COMPRESSED SIDH_P503 SIDH_P503_COMPRESSED SIDH_P610 SIDH_P610_COMPRESSED SIDH_P751 SIDH_P751_COMPRESSED SIKE_P434 SIKE_P434_COMPRESSED SIKE_P503 SIKE_P503_COMPRESSED SIKE_P610 SIKE_P610_COMPRESSED SIKE_P751 SIKE_P751_COMPRESSED NONE |
|
| IKE Algorithms (draft-tjhai-ikev2-beyond-64k-limit-03) | AKE1-AKE7 | CLASSIC_MCELIECE_348864 CLASSIC_MCELIECE_348864f CLASSIC_MCELIECE_460896 CLASSIC_MCELIECE_460896f CLASSIC_MCELIECE_6688128 CLASSIC_MCELIECE_6688128f CLASSIC_MCELIECE_6960119 CLASSIC_MCELIECE_6960119f CLASSIC_MCELIECE_8192128 CLASSIC_MCELIECE_8192128f |
| ESP Algorithms | CIPHER | ENCR_AES_GCM_16 (256 bit) ENCR_AES_GCM_8 (256 bit) ENCR_CHACHA20_POLY1305 ENCR_AES_CBC ENCR_KUZNYECHIK_MGM_KTREE ENCR_MAGMA_MGM_KTREE ENCR_KUZNYECHIK_MGM_MAC_KTREE ENCR_MAGMA_MGM_MAC_KTREE |
| AUTH | AUTH_HMAC_SHA2_256_128 | |
| Authentication methods | Signature, PSK | |
| PSK | "SecretPSK" | |
| IDr | IP4: 82.138.51.188 | |
| RFC 8784 | ||
| PPK | "NotQuantumSafe" | |
| PPK ID | PPK_ID_FIXED:"PPKID1" | |
| draft-ietf-ipsecme-ikev2-multiple-ke-07 | ||
| Temporary code points | FRODOKEM_640_AES FRODOKEM_976_AES FRODOKEM_1344_AES FRODOKEM_640_SHAKE FRODOKEM_976_SHAKE FRODOKEM_1344_SHAKE HQC_128 HQC_192 HQC_256 KYBER512 KYBER768 KYBER1024 KYBER512_90S KYBER768_90S KYBER1024_90S NTRU_HPS_2048_509 NTRU_HPS_2048_677 NTRU_HPS_4096_821 NTRU_HRSS_701 NTRULPR_653 NTRULPR_761 NTRULPR_857 SNTRUP_653 SNTRUP_761 SNTRUP_857 LIGHTSABER_KEM SABER_KEM FIRESABER_KEM SIDH_P434 SIDH_P434_COMPRESSED SIDH_P503 SIDH_P503_COMPRESSED SIDH_P610 SIDH_P610_COMPRESSED SIDH_P751 SIDH_P751_COMPRESSED SIKE_P434 SIKE_P434_COMPRESSED SIKE_P503 SIKE_P503_COMPRESSED SIKE_P610 SIKE_P610_COMPRESSED SIKE_P751 SIKE_P751_COMPRESSED CLASSIC_MCELIECE_348864 CLASSIC_MCELIECE_348864f CLASSIC_MCELIECE_460896 CLASSIC_MCELIECE_460896f CLASSIC_MCELIECE_6688128 CLASSIC_MCELIECE_6688128f CLASSIC_MCELIECE_6960119 CLASSIC_MCELIECE_6960119f CLASSIC_MCELIECE_8192128 CLASSIC_MCELIECE_8192128f |
= 1063 = 1064 = 1065 = 1066 = 1067 = 1068 = 1069 = 1070 = 1071 = 1050 = 1051 = 1052 = 126 = 127 = 128 = 1053 = 1054 = 1055 = 1056 = 133 = 134 = 135 = 136 = 137 = 138 = 1057 = 1058 = 1059 = 142 = 143 = 144 = 145 = 146 = 147 = 148 = 149 = 1072 = 151 = 1073 = 153 = 1074 = 155 = 1075 = 157 = 104 = 105 = 106 = 107 = 108 = 109 = 110 = 111 = 112 = 113 |
| draft-tjhai-ikev2-beyond-64k-limit-02 | ||
| Temporary code points | IKE_OVER_TCP | = 50206 |
| draft-ietf-ipsecme-ikev2-qr-alt-00 | ||
| Temporary code points | PPK_IDENTITY_KEY USE_PPK_ALT |
= 50208 = 50209 |
| draft-nir-ipsecme-big-payload-03 | ||
| Temporary code points | LARGE_PAYLOAD_SUPPORTED | = 50300 |