Diffie Hellman Group - phase 2
-
Hi,
I will be using my pfSense for a site-to-site VPN, but I have a problem with the DH on phase 2.
On phase 1, I can define any value (1, 2, 5, …, 21, 22, 23, 24, 28, ...), but on phase 2 I do not have the values 22, 23, 24… In my case, I work with another company and they would like to use DH24 for phase 1 and phase 2.
Why are these values not available on phase 2?
Regards,
Cedric
-
We added them in on 2.4, but DH Groups 22, 23, and 24 are not desirable. See https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites, they have a questionable source of primes and are potentially trapdoored.
I would encourage the other party to change to a better DH group if possible.
-
Thanks, jimp, for your speedy reply.
I will contact the other company to update this value.