[strongSwan] How to restrict IKE and ESP proposals in VICI

Marc Obbad marc.obbad at gmail.com
Thu Mar 16 07:02:45 CET 2017


We are trying to limit the set of algorithms to negotiate for IKE and ESP.
In IPSEC.CONF this is done by adding “!”.

If we apply the same “!” at the end of list, are get a message “loading
connection TEST failed : invalid value for: proposals, config discarded “



Here is an example:



  vici_begin_list(req,"*proposals*");

       vici_add_list_itemf(req,"%s","aes256-sha512-sha384-sha256-sha-ecp256-modp2048-prfsha1
!");

    vici_end_list(req);





Is there a way to limit the proposals in VICI ?



Thanks,

-Marc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170316/6baa05f1/attachment.html>


More information about the Users mailing list