[strongSwan] Strongswan IKEv2 AES-GCM in IKE_SA

Lars Alex Pedersen laa at kamstrup.com
Thu May 12 12:44:59 CEST 2016


I have successfully been using pfsense 2.2.6 with rw clients connecting in
with IKEv2 PSK and with the following ipsec.conf.

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        charondebug="cfg 1, dmn 2, ike 1"

conn %default
        ikelifetime=28800s
        lifetime=10800s
        margintime=600s
        keyingtries=1
        keyexchange=ikev2
        type=tunnel
        dpdaction=clear
        dpddelay=900s
        ike=aes256gcm128-sha512-ecp512bp!
        esp=aes256gcm128-ecp512bp!
        authby=psk

AES-GCM is used for both IKE and ESP, but in the newest version of pfsense
AES-GCM is removed in IKE_SA (aka phase 1), with the reason that AES-GCM
isn't a valid option for IKE_SA.

So my question is if AES-GCM is a valid option in IKE_SA.

https://github.com/pfsense/pfsense/commit/76bec1ab8790964c9714f7f8497edfa1a6c53409

Best regards
Lars Alex Pedersen