[strongSwan] Recommended Practice: Encryption options for net-to-net tunnels
Tom Rymes
trymes at rymes.com
Thu Dec 10 00:57:25 CET 2015
I was hoping that someone might aid me in providing a best practice when setting up a tunnel between two devices connecting two lans.
Is it best to specify one and only one combination of encryption schemes for this tunnel (i.e.: ike=aes256-sha2_256-ecp512bp) or multiple options? This is presuming that you know what options each side supports.
In other words, which aids in reliability and avoiding problems: limiting the options down to one combination, or providing multiple choices?
Thank you,
Tom
More information about the Users
mailing list