[strongSwan] Are these StrongSwan settings optimal for iOS devices?

Houman houmie at gmail.com
Sat Feb 16 16:08:47 CET 2019


Hello,

I have set up a StrongSwan server on Ubuntu 18.04 and am really enjoying
it. I was hoping to check with you guys to see if these settings are
optimal or if they could still be improved.

I only allow iOS devices to connect to this server, so I don't care that
much about Windows and Android at this point. Security is important, but
fast handshake and speed are also key factors. What do you think?

config setup
  strictcrlpolicy=yes
  uniqueids=never
conn roadwarrior
  auto=add
  compress=yes
  type=tunnel
  keyexchange=ikev2
  fragmentation=yes
  forceencaps=yes
  ike=aes256-sha256-ecp521-ecp256-modp4096-modp2048!
  esp=aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048,aes256-sha256-sha1!
  dpdaction=clear
  dpddelay=180s
  rekey=no
  left=%any
  leftid=@my.server.com
  leftcert=cert.pem
  leftsendcert=always
  leftsubnet=0.0.0.0/0
  right=%any
  rightid=%any
  rightauth=eap-radius
  eap_identity=%any
  rightdns=208.67.222.222,208.67.220.220
  rightsourceip=10.10.10.0/24
  rightsendcert=never

Many Thanks,
Houman
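
Added example, not part of the original post and not strongSwan code: a small Python parser that breaks the posted ike= and esp= values into proposals (comma-separated), transform keywords (dash-separated) and the trailing `!` strict flag, so it is easy to see what each line offers. The keyword table and the helper names (`classify`, `parse_proposals`, `read_option`) are assumptions that cover only the keyword families used here.

```python
import re

# Keyword families for the transforms in the posted config (not the full list).
FAMILIES = (
    ("encryption", re.compile(r"(aes|3des|camellia|chacha20poly1305)")),
    ("integrity", re.compile(r"(sha\d|md5|aesxcbc)")),
    ("dh_group", re.compile(r"(modp|ecp|curve|x)\d")),
)

def classify(keyword):
    for family, pattern in FAMILIES:
        if pattern.match(keyword):
            return family
    raise ValueError(f"unknown transform keyword: {keyword!r}")

def parse_proposals(value):
    """Split an ike=/esp= value into (strict, [{family: [keywords]}, ...])."""
    value = re.sub(r"\s+", "", value)      # drop whitespace left by wrapping
    strict = value.endswith("!")           # trailing '!' is the strict flag
    proposals = []
    for text in value.rstrip("!").split(","):
        groups = {}
        for keyword in text.split("-"):
            groups.setdefault(classify(keyword), []).append(keyword)
        proposals.append(groups)
    return strict, proposals

def read_option(config, name):
    """Return the value of name=, joining a line wrapped after a comma."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        key, sep, value = line.strip().partition("=")
        if sep and key == name:
            while value.endswith(",") and i + 1 < len(lines):
                i += 1
                value += lines[i].strip()
            return value
    raise KeyError(name)

# The two proposal lines as posted, including the mail-wrapped esp= line.
POSTED = """\
  ike=aes256-sha256-ecp521-ecp256-modp4096-modp2048!
  esp=aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048,
aes256-sha256-sha1!
"""

if __name__ == "__main__":
    for option in ("ike", "esp"):
        print(option, parse_proposals(read_option(POSTED, option)))
```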