[strongSwan] Strongswan IKEv2 AES-GCM in IKE_SA

Tobias Brunner tobias at strongswan.org
Thu May 12 13:32:59 CEST 2016


> AES-GCM Is used for both IKE and ESP but in the newest version of pfsense
> AES-GCM is removed in IKE_SA (aka phase 1) with the reason that AES GCM
> isn't a valid option for IKE_SA.
> So my question is if AES-GCM is a valid option in IKE_SA.

Not for IKEv1.  But it is for IKEv2, which you are using.  Its use is
defined in RFC 5282.


[1] https://tools.ietf.org/html/rfc5282

More information about the Users mailing list