Netgate Discussion Forum
    List all IKEv2 IKE and ESP proposals of various device clients in this thread/post.

      jerrywoo96
      last edited by jerrywoo96

      Hi everyone!

      I'd like to help to gather all the proposals sent from every device in this post/thread to help other people configure their pfSense IKEv2 settings properly to allow devices of their choosing to connect to the VPN server with the highest security. If you would like to contribute, do state your device and the proposals sent from the device and post them in this thread. Thanks!

      Windows native +
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\NegotiateDH2048_AES256 set to 2:
      Phase 1
      IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
      IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
      Phase 2
      ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

      Android strongSwan:
      Phase 1:

      IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_521/ECP_256/ECP_384/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048,

      IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_521/ECP_256/ECP_384/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048

      Phase 2:
      ESP:AES_GCM_16_256/AES_GCM_16_128/CHACHA20_POLY1305/NO_EXT_SEQ, ESP:AES_CBC_256/AES_CBC_192/AES_CBC_128/HMAC_SHA2_384_192/HMAC_SHA2_256_128/HMAC_SHA2_512_256/HMAC_SHA1_96/NO_EXT_SEQ

        syhm
        last edited by syhm

        Great idea!

        macOS Big Sur & iOS 14.3
        
        Phase 1:
        IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
        IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
        IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
        IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        
        Phase 2:
        ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
        ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
        ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
        ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
        ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
        
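An added example, not part of the original posts: a small parser for the `IKE:`/`ESP:` proposal lines collected in this thread that expands each proposal into the concrete suites it allows and intersects them across clients, which is the question a server-side Phase 1 setting has to answer. The function names (`transform_type`, `suites`, `common_suites`) and the prefix-based classification of transform names are assumptions of this example.

```python
from itertools import product

TYPES = ("encr", "integ", "prf", "dh", "esn")
# Name prefix -> transform type; anything unmatched is treated as an encryption
# transform (AES_CBC_*, AES_GCM_*, 3DES_CBC, CHACHA20_POLY1305). Assumed heuristic.
PREFIXES = (("PRF_", "prf"), ("MODP_", "dh"), ("ECP_", "dh"), ("CURVE_", "dh"),
            ("HMAC_", "integ"), ("AES_XCBC_96", "integ"),
            ("NO_EXT_SEQ", "esn"), ("EXT_SEQ", "esn"))

def transform_type(name):
    """Classify one transform name as it is printed in the thread."""
    return next((t for p, t in PREFIXES if name.startswith(p)), "encr")

def suites(proposal):
    """Expand one 'IKE:a/b/...' or 'ESP:a/b/...' line into every concrete suite it allows.
    A transform type the proposal omits (e.g. integrity with an AEAD cipher) is None."""
    by_type = {t: [] for t in TYPES}
    for name in proposal.split(":", 1)[1].strip(" ,").split("/"):
        by_type[transform_type(name)].append(name)
    return set(product(*(by_type[t] or [None] for t in TYPES)))

def common_suites(clients):
    """Suites that every client offers in at least one of its proposals."""
    per_client = [set().union(*(suites(p) for p in props)) for props in clients.values()]
    return set.intersection(*per_client)

IKE = {  # Phase 1 proposals copied from the posts in this thread
    "windows": [
        "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048",
        "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048",
        "IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048",
    ],
    "apple": [
        "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048",
        "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256",
        "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536",
        "IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024",
        "IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024",
    ],
    "android": [  # first proposal only; the second offers only AEAD ciphers
        "IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/"
        "HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/"
        "ECP_521/ECP_256/ECP_384/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048",
    ],
}

if __name__ == "__main__":
    print(common_suites(IKE))
```

For the three clients listed in this thread, the only Phase 1 suite offered by all of them is AES_CBC_256 / HMAC_SHA2_256_128 / PRF_HMAC_SHA2_256 / MODP_2048.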