Netgate Discussion Forum

    IPSec Deprecated Cipher Suites not proposed even though configured via web configurator

      pooperman

      Hi All,

      I'm setting up a proof of concept / demo VPN connection with some older hardware which doesn't support the higher DH Groups (14 and above).

      In the web configurator the DH Groups 1, 2 and 5 are still valid options. But StrongSwan does not list them as configured proposals when IPSec negotiation is occurring.

      So I am wondering if there is a config we can change to enable the weak cipher suites for testing purposes?

      Thanks.

        jimp Rebel Alliance Developer Netgate

        If you have them configured on a P1 or P2 they should be proposed and used if needed.

        You'll need to show the contents of your /var/etc/ipsec/ipsec.conf and the related IPsec logs to tell anything for sure.

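One way to do the config check suggested in the reply above, as an added example that is not part of either post: the function lists the DH group in every `ike`/`esp` proposal of a strongSwan `ipsec.conf` and marks groups 1, 2 and 5 (`modp768`, `modp1024`, `modp1536`). The function name `list_dh_groups` and the sample file are constructed for illustration, and the `ike = ...` / `esp = ...` line layout is assumed to be what the generated file contains.

```shell
#!/bin/sh
# Added example: show which DH groups are actually written into the
# generated config, so they can be compared with what the GUI shows.
# IKE group numbers to strongSwan keywords:
#   1 = modp768, 2 = modp1024, 5 = modp1536

list_dh_groups() {
    # $1: path to an ipsec.conf-style file
    # Output columns: conn keyword proposal dh-token note
    awk '
    BEGIN { g["modp768"] = 1; g["modp1024"] = 2; g["modp1536"] = 5 }
    $1 == "conn" { conn = $2; next }
    {
        line = $0
        gsub(/[ \t]/, "", line)                 # "ike = x" -> "ike=x"
        if (line !~ /^(ike|esp)=/) next
        eq  = index(line, "=")
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        sub(/!$/, "", val)                      # drop the strict-mode flag
        n = split(val, props, ",")
        for (i = 1; i <= n; i++) {
            dh = "none"                         # e.g. ESP proposal without PFS
            m = split(props[i], tok, "-")
            for (j = 1; j <= m; j++)
                if (tok[j] ~ /^(modp|ecp|curve)/) dh = tok[j]
            note = (dh in g) ? ("group" g[dh] "-legacy") : "-"
            print conn, key, props[i], dh, note
        }
    }' "$1"
}

# Constructed sample input (not taken from the thread).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
conn con1000
    keyexchange = ikev1
    ike = aes128-sha1-modp1024!
    esp = aes128-sha1-modp1024,aes128-sha1!
conn con2000
    ike = aes256-sha256-modp2048!
EOF

list_dh_groups "$sample"
```

On the firewall itself the call would be `list_dh_groups /var/etc/ipsec/ipsec.conf`; a group selected in the GUI but missing from this output points at config generation rather than at negotiation.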
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.