VPNs
-
Remote access VPN support (SRX2300)—Starting in Junos OS Release 24.2R1, you can use Juniper Secure Connect for remote access VPN. [See Juniper Secure Connect Administrator Guide.]
-
Support for ChaCha20-Poly1305 algorithm (SRX1600, SRX2300, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—Starting in Junos OS Release 24.2R1, we support ChaCha20-Poly1305 authenticated encryption algorithm for IPsec VPN services. You can configure the algorithm using the option
chacha20-poly1305for:- control plane with the IKEv2 protocol.
- data plane with the IPsec ESP protocol. You configure the algorithm in PowerMode IPsec (PMI) mode for the SRX Series Firewalls, and in both the PMI and non-PMI modes for vSRX 3.0. You cannot use the algorithm for IPsec when the VPN monitoring feature is enabled.
[See proposal (Security IKE), proposal (Security IPsec), show security ike security-associations, and show security ipsec security-associations.]
-
Support for IPv6 address in ADVPN with iked process (SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—Starting in Junos OS Release 24.2R1, we support Auto Discovery VPN (ADVPN) configuration with IPv6 address on firewalls that run the iked process for IPsec VPN service.
[See Auto Discovery VPNs.]
-
Support for multicast traffic in AutoVPN and ADVPN with iked process (SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, and vSRX 3.0)—Starting in Junos OS Release 24.2R1, we support IP multicast with AutoVPN and Auto Discovery VPN (ADVPN). The IP multicast uses Protocol Independent Multicast (PIM) using point-to-multipoint (P2MP) mode over st0 interface on firewalls that run the iked process for IPsec VPN service. Your firewall supports IPv4 multicast in PIM sparse mode.
You can enable PIM on the
st0secure tunnel interface using the interface-name option at the[edit protocols pim interface interface-name]hierarchy level.[See AutoVPN, Auto Discovery VPNs, and interface (Protocols PIM).]