[strongSwan] Recommended Practice: Encryption options for net-to-net tunnels

Tom Rymes trymes at rymes.com
Thu Dec 10 18:27:02 CET 2015

On 12/10/2015 11:34 AM, Andreas Steffen wrote:
> By the way
>     ike=aes256-sha2_256-ecp512bp
> does not give you constant 256 bit security. The correct choice is
>     ike=aes256-sha512-ecp512bp!
> Make sure to add the '!' strict flag at the end of your proposal
> list. Otherwise a big list of default strongSwan proposals will be
> appended.

While we are on this topic, is there any sort of consensus on proposals 
to use when connecting Strongswan boxen?

I am generally connecting two types of tunnels, both of which carry SIP 
voice traffic:

1.) Device supporting AES-NI to Device not supporting AES-NI
2.) Two devices that both support AES-NI

Given the gains in encryption/decryption speed, I presume that the 
combination that combines the best tradeoff between security, 
throughput, and latency will be different depending on which of those 
two types is being set up, and as evidenced above, I clearly don't know 
enough to wisely choose a good combination.

At one point I had chosen these settings, but they are likely far from 


My apologies if this is a question with an obvious answer that I have 
simply missed.

Thank you,


More information about the Users mailing list