# Print output for @column tags ?> IkeSessionParams - Android SDK | Android Developers

Most visited

Recently visited

IkeSessionParams

public final class IkeSessionParams
extends Object

java.lang.Object
   ↳ android.net.ipsec.ike.IkeSessionParams


IkeSessionParams contains all user provided configurations for negotiating an IkeSession.

Note that all negotiated configurations will be reused during rekey including SA Proposal and lifetime.

Summary

Nested classes

class IkeSessionParams.Builder

This class can be used to incrementally construct a IkeSessionParams

class IkeSessionParams.IkeAuthConfig

This class contains common information of an IKEv2 authentication configuration. 

class IkeSessionParams.IkeAuthDigitalSignLocalConfig

This class represents the configuration to support IKEv2 public-key-signature-based authentication of the local side. 

class IkeSessionParams.IkeAuthDigitalSignRemoteConfig

This class represents the configuration to support IKEv2 public-key-signature-based authentication of the remote side. 

class IkeSessionParams.IkeAuthEapConfig

This class represents the configuration to support EAP authentication of the local side. 

class IkeSessionParams.IkeAuthPskConfig

This class represents the configuration to support IKEv2 pre-shared-key-based authentication of local or remote side. 

Constants

int IKE_OPTION_ACCEPT_ANY_REMOTE_ID

If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity

See Builder#setRemoteIdentification(IkeIdentification)

int IKE_OPTION_EAP_ONLY_AUTH

If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow.

int IKE_OPTION_FORCE_PORT_4500

Configures the IKE session to always send to port 4500.

int IKE_OPTION_MOBIKE

If set, the IKE library will be able to handle network and address changes.

Public methods

int getDpdDelaySeconds()

Retrieves the Dead Peer Detection(DPD) delay in seconds

int getHardLifetimeSeconds()

Retrieves hard lifetime in seconds

List<IkeSaProposal> getIkeSaProposals()

Retrieves all IkeSaProposals configured

IkeSessionParams.IkeAuthConfig getLocalAuthConfig()

Retrieves the local (client) authentication configuration

IkeIdentification getLocalIdentification()

Retrieves the local (client) identity

int getNattKeepAliveDelaySeconds()

Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds

Network getNetwork()

Retrieves the configured Network, or null if was not set.

IkeSessionParams.IkeAuthConfig getRemoteAuthConfig()

Retrieves the remote (server) authentication configuration

IkeIdentification getRemoteIdentification()

Retrieves the required remote (server) identity

int[] getRetransmissionTimeoutsMillis()

Retrieves the relative retransmission timeout list in milliseconds

@see Builder#setRetransmissionTimeoutsMillis(int[])

String getServerHostname()

Retrieves the configured server hostname

The configured server hostname will be resolved during IKE Session creation.

int getSoftLifetimeSeconds()

Retrieves soft lifetime in seconds

boolean hasIkeOption(int ikeOption)

Checks if the given IKE Session negotiation option is set

Inherited methods

Constants

IKE_OPTION_ACCEPT_ANY_REMOTE_ID

public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID

If set, the IKE library will accept any remote (server) identity, even if it does not match the configured remote identity

See Builder#setRemoteIdentification(IkeIdentification)

Constant Value: 0 (0x00000000)

IKE_OPTION_EAP_ONLY_AUTH

public static final int IKE_OPTION_EAP_ONLY_AUTH

If set, and EAP has been configured as the authentication method, the IKE library will request that the remote (also) use an EAP-only authentication flow.

@see Builder#setAuthEap(X509Certificate, EapSessionConfig)

Constant Value: 1 (0x00000001)

IKE_OPTION_FORCE_PORT_4500

public static final int IKE_OPTION_FORCE_PORT_4500

Configures the IKE session to always send to port 4500.

If set, the IKE Session will be initiated and maintained exclusively using destination port 4500, regardless of the presence of NAT. Otherwise, the IKE Session will be initiated on destination port 500; then, if either a NAT is detected or both MOBIKE and NAT-T are supported by the peer, it will proceed on port 4500.

Constant Value: 3 (0x00000003)

IKE_OPTION_MOBIKE

public static final int IKE_OPTION_MOBIKE

If set, the IKE library will be able to handle network and address changes.

The IKE library will first attempt to enable MOBIKE to handle the changes of underlying network and addresses. If the server does not support MOBIKE, the IKE library will handle the changes by rekeying all the underlying Child SAs.

If this option is set for an IKE Session, Transport-mode SAs will not be allowed in that Session.

Checking if MOBIKE is supported by both the IKE library and the server in an IKE Session is done via IkeSessionConfiguration#isIkeExtensionEnabled(int).

Constant Value: 2 (0x00000002)

Public methods

getDpdDelaySeconds

public int getDpdDelaySeconds ()

Retrieves the Dead Peer Detection(DPD) delay in seconds

Returns
int Value is between IKE_DPD_DELAY_SEC_MIN and IKE_DPD_DELAY_SEC_MAX inclusive

getHardLifetimeSeconds

public int getHardLifetimeSeconds ()

Retrieves hard lifetime in seconds

Returns
int Value is between IKE_HARD_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive

getIkeSaProposals

public List<IkeSaProposal> getIkeSaProposals ()

Retrieves all IkeSaProposals configured

Returns
List<IkeSaProposal> This value cannot be null.

getLocalAuthConfig

public IkeSessionParams.IkeAuthConfig getLocalAuthConfig ()

Retrieves the local (client) authentication configuration

Returns
IkeSessionParams.IkeAuthConfig This value cannot be null.

getLocalIdentification

public IkeIdentification getLocalIdentification ()

Retrieves the local (client) identity

Returns
IkeIdentification This value cannot be null.

getNattKeepAliveDelaySeconds

public int getNattKeepAliveDelaySeconds ()

Retrieves the Network Address Translation Traversal (NATT) keepalive delay in seconds

Returns
int Value is between IKE_NATT_KEEPALIVE_DELAY_SEC_MIN and IKE_NATT_KEEPALIVE_DELAY_SEC_MAX inclusive

getNetwork

public Network getNetwork ()

Retrieves the configured Network, or null if was not set.

@see Builder#setNetwork(Network)

Returns
Network

getRemoteAuthConfig

public IkeSessionParams.IkeAuthConfig getRemoteAuthConfig ()

Retrieves the remote (server) authentication configuration

Returns
IkeSessionParams.IkeAuthConfig This value cannot be null.

getRemoteIdentification

public IkeIdentification getRemoteIdentification ()

Retrieves the required remote (server) identity

Returns
IkeIdentification This value cannot be null.

getRetransmissionTimeoutsMillis

public int[] getRetransmissionTimeoutsMillis ()

Retrieves the relative retransmission timeout list in milliseconds

@see Builder#setRetransmissionTimeoutsMillis(int[])

Returns
int[] This value cannot be null.

getServerHostname

public String getServerHostname ()

Retrieves the configured server hostname

The configured server hostname will be resolved during IKE Session creation.

Returns
String This value cannot be null.

getSoftLifetimeSeconds

public int getSoftLifetimeSeconds ()

Retrieves soft lifetime in seconds

Returns
int Value is between IKE_SOFT_LIFETIME_SEC_MINIMUM and IKE_HARD_LIFETIME_SEC_MAXIMUM inclusive

hasIkeOption

public boolean hasIkeOption (int ikeOption)

Checks if the given IKE Session negotiation option is set

Parameters
ikeOption int: Value is IKE_OPTION_ACCEPT_ANY_REMOTE_ID, IKE_OPTION_EAP_ONLY_AUTH, or IKE_OPTION_MOBIKE

Returns
boolean