[strongSwan] Strongswan is proposing only PFS enabled proposals as part of quick mode
pothuganti sridhar
pothuganti.sridhar at gmail.com
Fri Oct 7 09:48:00 CEST 2016
Hi,

We have configured two proposals, one with PFS enabled and another with PFS
disabled. With this configuration, strongSwan is sharing only the one
PFS-enabled proposal with the peer in quick mode.

Following is our configuration:

conn client
    auto=add
    left=%any
    ike=3des-md5-modp1024!
    esp=aes128-md5-modp1024,aes128-md5!
    right=2.2.2.1
    leftauth=psk
    rightauth=psk
    aggressive=yes
    leftid=keyid:C2S
    rightid=%any
    modeconfig=pull
    leftsourceip=%config
    rightsubnet=0.0.0.0/0
    xauth=client
    leftauth2=xauth
    xauth_identity=user
    dpddelay=40
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=28800s
    lifetime=300s
    rekeymargin=15s

With the above configuration, strongSwan is sending only one proposal,
"aes128-md5-modp1024", as part of quick mode, instead of sending both.

Is there any way we can send both proposals to the peer in quick mode?
Any pointers would be helpful.

Regards,
Sridhar