Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec: AES-GCM in both Phase 1 and Phase 2?

    Scheduled Pinned Locked Moved
    IPsec
    2
    3
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CheeMG
      last edited by CheeMG

      Hi All
      The PFSense online documentation differs from The PFSense Book (30 May 2019) regarding the configuration of Phase 1 and Phase 2 encryption algorithm for site-to-site IPSec VPN using Hardware Encryption.

      For Phase 1, the online documentation says "If both sides support AES-GCM, use AES128-GCM with a 128 bit Key Length. " and "The best choice for use with AES-GCM is AES-XCBC.".

      But the PFSense book says "Encryption Algorithm Use AES with a key length of 256 bits. Hash Algorithm Use SHA256 if both sides support it" for Phase 1.

      For Phase 2, the online documentation says "Use AES128-GCM if available".
      For Phase 2, the book says "select AES256-GCM with a 128 bit key length."
      Both online documentation and book agree on no hashing for Phase 2.

      So which is correct or preferable?
      Should we have AES-GCM in both Phase 1 and Phase 2 OR only in Phase 2 as per the book?
      And should we use AES256-GCM (128 bit)as per the book or AES128-GCM (128 bit) as per online documentation?

      Thank you very much
      cmgui

      1 Reply Last reply Reply Quote 0
      • boukeB
        bouke
        last edited by bouke

        Not sure what's the best option, but on my APU3 these settings work very well:

        • IPSec Phase 1: IKEv2, Encryption: AES256-GCM mit 128bit Blocklänge, Hash: AES-XCBC, DH-Group: 14
        • IPSec Phase 2: Encryption: AES256-GCM 128bit Blocklänge, Hash: AES-XCBC, PFS group 14
        1 Reply Last reply Reply Quote 1
        • C
          CheeMG
          last edited by CheeMG

          Thank you very much bouke for sharing.

          Your settings are quite similar to ours and we will probably follow you in using AES256-GCM 128 bits instead of AES128-GCM 128 bits. But we will probably skip hashing for Phase 2.

          Phase 1
          Key Exchange version: IKEv2
          Encryption Algorithm: AES128-GCM
          Key length: 128 bits
          Hash: AES-XCBC
          DH Group: 14 (2048 bit)
          Phase 2
          Protocol: ESP
          Encryption Algorithm: AES128-GCM 128 bits
          Hash Algorithms: None selected
          PFS key group: 14 (2048 bit)

          No hashing is selected for Phase 2 because both the book and online documentation say "With AES-GCM in use, no hash is required. " and "When using AES-GCM, do not select any Hash Algorithm entries as AES- GCM already performs hashing." respectively for Phase 2.

          We are using a Protectli device:
          Firewall Micro Appliance With 4x Intel Gigabit Ports, Intel Atom E3845, AES-NI, 8GB RAM, 128GB mSATA

          CPU Type Intel(R) Atom(TM) CPU E3845 @ 1.91GHz
          4 CPUs: 1 package(s) x 4 core(s)
          AES-NI CPU Crypto: Yes (active)
          Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM
          Version 2.4.4-RELEASE-p3 (amd64)
          built on Wed May 15 18:53:44 EDT 2019
          FreeBSD 11.2-RELEASE-p10

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.