[strongSwan] Are these StrongSwan settings optimal for iOS devices?
Houman
houmie at gmail.com
Sat Feb 16 16:08:47 CET 2019
Hello,
I have set up a StrongSwan server on Ubuntu 18.04 and am really enjoying
it. I was hoping to check with you guys to see if these settings are
optimal or if it could be still improved.
I only allow iOS devices to connect to this server. So I don't care that
much about Windows and Android at this point. Security is important but
fast handshake and speed are also a key factor. What do you think?
config setup
strictcrlpolicy=yes
uniqueids=never
conn roadwarrior
auto=add
compress=yes
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
ike=aes256-sha256-ecp521-ecp256-modp4096-modp2048!
esp=aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048,
aes256-sha256-sha1!
dpdaction=clear
dpddelay=180s
rekey=no
left=%any
leftid=@my.server.com
leftcert=cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightid=%any
rightauth=eap-radius
eap_identity=%any
rightdns=208.67.222.222,208.67.220.220
rightsourceip=10.10.10.0/24
rightsendcert=never
Many Thanks,
Houman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190216/c9f8d177/attachment.html>
More information about the Users
mailing list