[strongSwan] proposing multiple transforms in IKEv2 AUTH exchange
Martin Willi
martin at strongswan.org
Tue Mar 30 11:44:50 CEST 2010
Hi,
> AH = sha1
We currently do not support AH in IKEv2.
> ESP = 3des, aes-cbc-128
Use a comma separated list of proposals in the esp parameter:
esp=aes128-sha1,aes256-aesxcbc,aes128gcm12,3des-md5
By default, the IKEv2 daemon appends a default "catch all" proposal
including all supported algorithms to the end of the list. To prevent
this, use the strict proposal mode by appending a ! to the end of the
list:
esp=aes128-sha1,3des-md5!
Regards
Martin
More information about the Users
mailing list