[strongSwan] How to allow AES256GCM and diffieHellmanGroup 19
Houman
houmie at gmail.com
Thu Oct 15 12:41:40 CEST 2020
Hello,
(Sorry about the previous message without a subject line)
I would like to change the encryption to support the following on iOS:
ikev2.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
ikev2.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA384
ikev2.ikeSecurityAssociationParameters.diffieHellmanGroup = .group19
ikev2.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
ikev2.childSecurityAssociationParameters.integrityAlgorithm = .SHA384
ikev2.childSecurityAssociationParameters.diffieHellmanGroup = .group19
This is how the server is set up:
config setup
    strictcrlpolicy=yes
    uniqueids=never

conn ${SERVERNAME}
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048,aes256-sha256-ecp521-ecp256-modp4096-modp2048!
    esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048,aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!
    dpdaction=clear
    dpddelay=180s
    dpdtimeout=3600s
    rekey=no
    left=%any
    leftid=@${VPNHOST}
    leftcert=cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0, ::/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    eap_identity=%any
    rightdns=${DNS1},${DNS2}
    rightsourceip=${VPNIPPOOL},${VPNIP6POOL}
    leftfirewall=no
But I can't connect. What do I have to change to make this possible,
please?
Thanks
Houman
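
Added example, not part of the original post and not strongSwan code: a small Python check that splits the ike= value from the config above into its proposals and reports, for each one, which transform types of a client offer find no match. The cipher and DH group in the sample offers come from the post (group19 is ecp256); the PRF keywords are assumptions, because the post gives only integrityAlgorithm = .SHA384 and does not say which PRF the client sends with an AEAD cipher.

```python
import re

# ike= value copied from the server config in the post (mail line wrap undone).
SERVER_IKE = ("aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-"
              "modp4096-modp2048,aes256-sha256-ecp521-ecp256-modp4096-modp2048!")

# Keyword pattern -> IKEv2 transform type. Covers only the keyword families
# that appear in the ike= line above.
KINDS = [(r"aes\d+(gcm\d+)?", "ENCR"), (r"prf\w+", "PRF"),
         (r"sha\d+", "INTEG"), (r"(ecp|modp)\d+", "DH")]

def classify(keyword):
    for pattern, kind in KINDS:
        if re.fullmatch(pattern, keyword):
            return kind
    raise ValueError(f"unhandled keyword: {keyword}")

def parse_ike(value):
    """Split an ike= value into proposals of {transform type: {keywords}}."""
    proposals = []
    for text in value.rstrip("!").split(","):   # trailing ! = strict flag
        prop = {}
        for kw in text.strip().split("-"):
            prop.setdefault(classify(kw), set()).add(kw)
        # Without an explicit PRF, strongSwan derives it from the integrity
        # algorithms (sha256 -> prfsha256).
        if "PRF" not in prop:
            prop["PRF"] = {"prf" + kw for kw in prop.get("INTEG", ())}
        proposals.append(prop)
    return proposals

def mismatches(server_ike, offer):
    """Per server proposal: transform types where the offer has no match."""
    return [sorted(t for t, kw in offer.items() if kw not in prop.get(t, ()))
            for prop in parse_ike(server_ike)]

# Constructed client offers; the PRF value in each is an assumption.
OFFER_PRF384 = {"ENCR": "aes256gcm16", "PRF": "prfsha384", "DH": "ecp256"}
OFFER_PRF256 = {"ENCR": "aes256gcm16", "PRF": "prfsha256", "DH": "ecp256"}

if __name__ == "__main__":
    for name, offer in (("prfsha384", OFFER_PRF384), ("prfsha256", OFFER_PRF256)):
        print(name, mismatches(SERVER_IKE, offer))
```

An empty list for a proposal means every offered transform is present in it; the proposals the server actually received and configured can be compared the same way from the charon log.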