[strongSwan] policy mismatch

Jafar Al-Gharaibeh jafar at atcorp.com
Wed May 2 21:07:53 CEST 2018


[1] worked for me in the past. I also came across [2] which allows more 
options but I couldn't get that to work. I changed the 
encryption/integrity algorithms. I restated windows, but the proposal 
sent by windows didn't seem to be affected by changes using [2].

Regards,
Jafar

[1] 
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
[2] https://wiki.strongswan.org/projects/strongswan/wiki/WindowsVista


On 5/2/2018 3:40 AM, ccsalway wrote:
> Thats what I meant by using stronger ciphers and adding the two DHG’s in the proposal.
>
>
>> On 2 May 2018, at 09:37, Tobias Brunner <tobias at strongswan.org> wrote:
>>
>> Hi Christian,
>>
>>> For the record, the IKE proposals that work for OSX and Windows (with
>>> weak or strong ciphers enabled) is as follows
>>>
>>> aes256-sha256-prfsha256-modp2048-modp1024
>> If you want to use a stronger DH group with Windows clients see [1].
>>
>> Regards,
>> Tobias
>>
>> [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
>



More information about the Users mailing list