• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IPSEC chachapoly support, windows clients parameters?

CE 2.7.0 Development Snapshots (Retired)
2
4
645
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    periko
    last edited by Jun 22, 2023, 3:24 AM

    Hello guys.

    The new cipher for IPSEC Chachapoly:

    Support for ChaCha20-Poly1305 encryption with IPsec
    

    I want to setup EAP-MSCHAPv2 and EAP-TLS but would like to know the settings to use with this new cipher under IPSEC?

    🔒 Log in to view

    Any help will be appreciated, thanks!!!

    Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
    www.bajaopensolutions.com
    https://www.facebook.com/BajaOpenSolutions
    Quieres aprender PfSense, visita mi canal de youtube:
    https://www.youtube.com/c/PedroMorenoBOS

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jun 22, 2023, 7:44 PM

      As far as I'm aware, Windows doesn't support ChaCha20-Poly1305 for IPsec yet.

      If it did, it would be listed in their docs for configuring VPN parameters:

      https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      P 1 Reply Last reply Jun 23, 2023, 1:18 PM Reply Quote 2
      • P
        periko @jimp
        last edited by Jun 23, 2023, 1:18 PM

        @jimp I was thinking that maybe Windows will be limited about this, them ipsec site to site between 2 pfsense boxes could benefit from this new feauture.
        Thanks master.

        Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
        www.bajaopensolutions.com
        https://www.facebook.com/BajaOpenSolutions
        Quieres aprender PfSense, visita mi canal de youtube:
        https://www.youtube.com/c/PedroMorenoBOS

        1 Reply Last reply Reply Quote 1
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jun 23, 2023, 2:52 PM

          Yes, it does work pfSense <-> pfSense and also with TNSR (TNSR <-> TNSR and TNSR <-> pfSense).

          It may not be any faster than AES-GCM depending on your setup but the only way to know for sure is to test it on your own hardware, environment, and workload.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 1
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.