Netgate Discussion Forum

    Diffie Hellman Group - phase 2

    IPsec
    • Mordi33

      Hi,
      I will be using my pfSense for site-to-site VPN but I have a problem with the DH on phase 2.
      On phase 1, I can define any values (1,2,5, …, 21,22,23,24,28,..) but on phase 2 I do not have the 22, 23, 24 values…

      In my case, I work with another company and they would like DH24 for phase 1 and phase 2.

      Why are these values not available on phase 2?

      Regards,
      Cedric

      • jimp Rebel Alliance Developer Netgate

        We added them in on 2.4, but DH Groups 22, 23, and 24 are not desirable. See https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites: they have a questionable source of primes and are potentially trapdoored.

        I would encourage the other party to change to a better DH group if possible.


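A defender-side check for the groups named in the reply above, as an added example that is not part of the original posts or pfSense's own code: it scans strongSwan-style proposal settings (`ike`/`esp`/`ah` in ipsec.conf, `proposals`/`esp_proposals`/`ah_proposals` in swanctl.conf) for the keywords strongSwan uses for DH groups 22, 23 and 24. The function name and the sample configuration are constructed for illustration.

```python
import re

# strongSwan proposal keywords for DH groups 22, 23 and 24.
DISCOURAGED_DH = {
    "modp1024s160": 22,
    "modp2048s224": 23,
    "modp2048s256": 24,
}

# Settings that carry proposals: ipsec.conf (ike/esp/ah) and
# swanctl.conf (proposals/esp_proposals/ah_proposals).
_SETTING = re.compile(
    r"^\s*(ike|esp|ah|proposals|esp_proposals|ah_proposals)\s*=\s*(.+?)\s*$")


def find_discouraged_dh(config_text):
    """Return (line_no, setting, proposal, dh_group) for every proposal
    that uses DH group 22, 23 or 24 (hypothetical helper, added here)."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]              # drop trailing comments
        m = _SETTING.match(line)
        if not m:
            continue
        setting, value = m.groups()
        for proposal in value.split(","):
            proposal = proposal.strip().rstrip("!")   # "!" is the strict flag
            for token in proposal.lower().split("-"):
                if token in DISCOURAGED_DH:
                    findings.append(
                        (line_no, setting, proposal, DISCOURAGED_DH[token]))
    return findings


# Constructed sample configuration, not taken from a real firewall.
SAMPLE_CONF = """\
conn con1000
    keyexchange = ikev2
    ike = aes256-sha256-modp2048s256!
    esp = aes256-sha256-modp2048s256,aes256gcm128-ecp384!
conn con2000
    ike = aes256-sha256-modp2048!   # group 14, not flagged
    esp = aes256-sha256-modp2048!
"""

if __name__ == "__main__":
    for line_no, setting, proposal, group in find_discouraged_dh(SAMPLE_CONF):
        print(f"line {line_no}: {setting} proposal {proposal} uses DH group {group}")
```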
        • Mordi33

          Thanks jimp for your speedy reply.
          I will contact the other company to update this value.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.