[strongSwan] Different cipher suites for each connection parameters
Lars Alex Pedersen
laa at kamstrup.com
Wed Apr 29 15:07:34 CEST 2015
Hi,
Is it possible to have different cipher suites for all the "conn" parameters in ipsec.conf? In the following example I want the "clientLinuxPSK" to one set of ciphers while the other "clientWinCert" should use another set. Currently it looks like that the last esp or ike line overrules the ones before.
Config setup
charondebug="cfg 2, dmn 2, ike 1"
conn %default
ikelifetime=60m
......
conn clientLinuxPSK
ike=aes256gcm128-sha512-ecp512bp,aes256gcm128-sha512-ecp521,aes256gcm128-sha512-modp4096!
esp=aes128gcm128-ecp256bp,aes256gcm128-ecp512bp,aes256gcm128-ecp521,aes256gcm128-modp4096!
......
conn clientWinCert
ike=aes256-sha384-prfsha384-modp1024!
esp=aes256-sha1
.....
Regards
Lars
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150429/e4d44cb5/attachment.html>
More information about the Users
mailing list