IPSec: AES-GCM in both Phase 1 and Phase 2?
The PFSense online documentation differs from The PFSense Book (30 May 2019) regarding the configuration of Phase 1 and Phase 2 encryption algorithm for site-to-site IPSec VPN using Hardware Encryption.
For Phase 1, the online documentation says "If both sides support AES-GCM, use AES128-GCM with a 128 bit Key Length. " and "The best choice for use with AES-GCM is AES-XCBC.".
But the PFSense book says "Encryption Algorithm Use AES with a key length of 256 bits. Hash Algorithm Use SHA256 if both sides support it" for Phase 1.
For Phase 2, the online documentation says "Use AES128-GCM if available".
For Phase 2, the book says "select AES256-GCM with a 128 bit key length."
Both online documentation and book agree on no hashing for Phase 2.
So which is correct or preferable?
Should we have AES-GCM in both Phase 1 and Phase 2 OR only in Phase 2 as per the book?
And should we use AES256-GCM (128 bit)as per the book or AES128-GCM (128 bit) as per online documentation?
Thank you very much
bouke last edited by bouke
Not sure what's the best option, but on my APU3 these settings work very well:
- IPSec Phase 1: IKEv2, Encryption: AES256-GCM mit 128bit Blocklänge, Hash: AES-XCBC, DH-Group: 14
- IPSec Phase 2: Encryption: AES256-GCM 128bit Blocklänge, Hash: AES-XCBC, PFS group 14
Thank you very much bouke for sharing.
Your settings are quite similar to ours and we will probably follow you in using AES256-GCM 128 bits instead of AES128-GCM 128 bits. But we will probably skip hashing for Phase 2.
Key Exchange version: IKEv2
Encryption Algorithm: AES128-GCM
Key length: 128 bits
DH Group: 14 (2048 bit)
Encryption Algorithm: AES128-GCM 128 bits
Hash Algorithms: None selected
PFS key group: 14 (2048 bit)
No hashing is selected for Phase 2 because both the book and online documentation say "With AES-GCM in use, no hash is required. " and "When using AES-GCM, do not select any Hash Algorithm entries as AES- GCM already performs hashing." respectively for Phase 2.
We are using a Protectli device:
Firewall Micro Appliance With 4x Intel Gigabit Ports, Intel Atom E3845, AES-NI, 8GB RAM, 128GB mSATA
CPU Type Intel(R) Atom(TM) CPU E3845 @ 1.91GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM
Version 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019