[strongSwan] Recommended Practice: Encryption options for net-to-net tunnels

Tom Rymes trymes at rymes.com
Thu Dec 10 00:57:25 CET 2015

I was hoping that someone might aid me in providing a best practice when setting up a tunnel between two devices connecting two lans.

Is it best to specify one and only one combination of encryption schemes for this tunnel (i.e.: ike=aes256-sha2_256-ecp512bp) or multiple options? This is presuming that you know what options each side supports.

In other words, which aids in reliability and avoiding problems: limiting the options down to one combination, or providing multiple choices?

Thank you,


More information about the Users mailing list