[strongSwan] Enabling pfs in strongswan 5.3

Andreas Steffen andreas.steffen at strongswan.org
Sat Jun 4 13:30:28 CEST 2016


Hi Achyar,

just add a DH group to the esp statement and PFS will be activated,
e.g. in ipsec.conf:

   esp=aes128gcm16-modp3072!

or in swanctl.conf:

   esp_proposals = aes128gcm16-modp3072

Regards

Andreas

On 04.06.2016 05:27, achyar.nur wrote:
> Hi Everyone,
> 
>  
> 
> I use, strongswan 5.3.2 and want to running pfs. Let me know how to
> configure it
> 
>  
> 
> [root at strongswan-achyarnurandidotnet-s1 ~]# strongswan version
> 
> Linux strongSwan U5.3.2/K3.10.0-327.18.2.el7.x86_64
> 
> Institute for Internet Technologies and Applications
> 
> University of Applied Sciences Rapperswil, Switzerland
> 
> See 'strongswan --copyright' for copyright information.
> 
> [root at strongswan-achyarnurandidotnet-s1 ~]#
> 
>  
> 
> I got information from documentation that, prior 5.0 pfs is depreciated
> command. And should be configured in dh group.
> 
>  
> 
>  
> 
> Thank you,
> 
>  
> 
>  
> 
> Achyar
> 
> 
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> 	Virus-free. www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160604/123a7651/attachment.bin>


More information about the Users mailing list