4. IPSec Deprecated Cipher Suites not proposed even though configured via web configurator

IPSec Deprecated Cipher Suites not proposed even though configured via web configurator

  • P

    Hi All,

    I'm setting up a proof of concept / demo VPN connection with some older hardware which don't support the higher DH Groups (14 and above).

    In the web configurator the DH Groups 1,2 and 5 are still valid options. But StongSwan doses not list them as configured proposals when IPSec negotiation is occurring.

    So i am wondering if there is a config we can change to enable the weak cipher suites for testing purposes?

    Thanks.

    0
  • Rebel Alliance Developer Netgate

    If you have them configured on a P1 or P2 they should be proposed and used if needed.

    You'll need to show the contents of your /var/etc/ipsec/ipsec.conf and the related IPsec logs to tell anything for sure.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy