[strongSwan] Forward Secrecy

Colony.three colony.three at protonmail.ch
Wed Dec 20 01:00:32 CET 2017


> I am not very happy using RSA as the cipher, since it's been cracked. And, as any reader of Schneier knows, elliptic curve is out of the question.
>
> IKEv2 only here. I would like to use a DHE cipher, or better yet a lattice cipher, but I cannot find any evidence of how to set these. I presume it would be part of the ike= directive, but there are no examples of what strings to use. (I have no idea what the esp= directive pertains to.) Can anyone advise?
>
> I notice that there is a provisional lattice cipher for strongSwan, very good news (though I'd have to compile SS), but unfortunately it is not supported by the Android app. Would but that it were...

I read [here](https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations), "PFS for strongSwan 5.x onwards is enabled by appending a DH group to the ESP or AH cipher settings."  Uh, you don't say?  It gives no further clues to the proletariat how to work this arcane magick.
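An added example, not part of the original post and not strongSwan code: a small checker that reads `ipsec.conf`-style text and reports `esp=`/`ah=` proposals that name no DH group, which is the setting the quoted wiki sentence refers to. The sample configuration is constructed, and the DH keyword pattern is an assumption that covers common strongSwan group names without being exhaustive.

```python
import re

# DH group keyword shapes seen in strongSwan proposal strings (assumed, not exhaustive).
DH_GROUP = re.compile(
    r"^(modp\d+(s\d+)?|ecp\d+(bp)?|curve25519|x25519|curve448|x448|ntru\d+|newhope\d+)$")

# Constructed sample ipsec.conf, for illustration only.
SAMPLE_CONF = """\
conn no-pfs
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!

conn with-pfs
    keyexchange=ikev2
    ike=aes256-sha256-modp3072!
    esp=aes256-sha256-modp3072,aes256gcm16-modp3072!

conn mixed
    esp=aes256-sha256-modp2048,aes128-sha1   # second proposal has no DH group
"""

def proposals_without_dh(value):
    """Return the proposals in an ike=/esp=/ah= value that name no DH group."""
    missing = []
    for proposal in value.strip().rstrip("!").split(","):
        tokens = proposal.strip().lower().split("-")
        if not any(DH_GROUP.match(t) for t in tokens):
            missing.append(proposal.strip())
    return missing

def audit(conf_text, keys=("esp", "ah")):
    """Map each conn name to {key: [proposals lacking a DH group]}."""
    findings, conn = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
            continue
        key, sep, value = line.partition("=")
        if conn and sep and key.strip() in keys:
            bad = proposals_without_dh(value)
            if bad:
                findings.setdefault(conn, {})[key.strip()] = bad
    return findings

if __name__ == "__main__":
    for conn, issues in audit(SAMPLE_CONF).items():
        print(conn, issues)
```

In IKEv2 the first CHILD_SA is keyed from the IKE_SA exchange, so a DH group on `esp=` takes effect when that CHILD_SA is rekeyed.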