[strongSwan] Windows IKE and PFS settings
Victor Sudakov
vas at sibptus.ru
Mon Jan 20 08:14:30 CET 2020
Victor Sudakov wrote:
> Tobias Brunner wrote:
> >
> > > esp=3des-sha1!
> >
> > PFS is enabled if you add a DH group to the ESP proposal.
>
> I suspected that, but Windows offers two knobs which can be enabled independently, that's the confusion.
>
> Here is what I've been able to gather from some Windows networking
> cookbooks about those knobs: http://admin.sibptus.ru/~vas/SessionVsMasterPFS.png
So, does anyone have an idea what those knobs could mean to Strongswan
while selected/deselected in Windows independently from each other?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Users
mailing list