[strongSwan] Windows IKE and PFS settings
Victor Sudakov
vas at sibptus.ru
Wed Jan 15 11:51:11 CET 2020
Tobias Brunner wrote:
>
> > esp=3des-sha1!
>
> PFS is enabled if you add a DH group to the ESP proposal.
I suspected that, but Windows offers two knobs which can be enabled independently, that's the confusion.
Here is what I've been able to gather from some Windows networking
cookbooks about those knobs: http://admin.sibptus.ru/~vas/SessionVsMasterPFS.png
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Users
mailing list