[strongSwan] Windows IKE and PFS settings
Victor Sudakov
vas at sibptus.ru
Mon Jan 20 17:31:49 CET 2020
Noel Kuntze wrote:
> >> Here is what I've been able to gather from some Windows networking
> >> cookbooks about those knobs: http://admin.sibptus.ru/~vas/SessionVsMasterPFS.png
> > So, does anyone have an idea what those knobs could mean to Strongswan
> > while selected/deselected in Windows independently from each other?
> >
>
> Probably means ...
> 1) master key pfs: rekey/reauth the IKE_SA every time a new CHILD_SA is negotiated
> 2) session key pfs: use an (EC)DHE KEX when negotiating new CHILD_SAs.
>
> To be sure we'd need to test those cases and look at what it does differently.
I'd be happy to test if I knew where and what to look for on the Strongswan side.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Users
mailing list