IPSec Deprecated Cipher Suites not proposed even though configured via web configurator
-
Hi All,
I'm setting up a proof of concept / demo VPN connection with some older hardware which don't support the higher DH Groups (14 and above).
In the web configurator the DH Groups 1,2 and 5 are still valid options. But StongSwan doses not list them as configured proposals when IPSec negotiation is occurring.
So i am wondering if there is a config we can change to enable the weak cipher suites for testing purposes?
Thanks.
-
If you have them configured on a P1 or P2 they should be proposed and used if needed.
You'll need to show the contents of your
/var/etc/ipsec/ipsec.conf
and the related IPsec logs to tell anything for sure.