[strongSwan] Strongswan IKEv2 AES-GCM in IKE_SA
Tobias Brunner
tobias at strongswan.org
Thu May 12 13:32:59 CEST 2016
Hi,
> AES-GCM Is used for both IKE and ESP but in the newest version of pfsense
>
> AES-GCM is removed in IKE_SA (aka phase 1) with the reason that AES GCM
>
> isn't a valid option for IKE_SA.
>
>
> So my question is if AES-GCM is a valid option in IKE_SA.
Not for IKEv1. But it is for IKEv2, which you are using. Its use is
defined in RFC 5282.
Regards,
Tobias
[1] https://tools.ietf.org/html/rfc5282
More information about the Users
mailing list