Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Phase 1 Proposal algorythms (2.3) => Why only 1 proposal ?

    IPsec
    2
    3
    556
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vin0x64
      last edited by

      Hi

      While trying to setup a roadwarriog connection for my mobile devices I came across an annoying issue:

      • IOS9 supports only dh group 14 (modp2048) by default
      • Windows 10 supports only dh group 2 (modp1024) by default
        It's very difficult to change the default Policy on any one of those two OS. So I Wonder why the pfsense approach is to propose only one algorythm in the phase 1 negociation.

      Would it be possible to have several groups or even not specify any. I'm willing to try and modify somethings it's just that not being a developper I don't know where to start… any ideas ?

      Regards,
      Vincent.

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        There's a feature request open to make that more like the P2 screen, where you can select more options. It's that way because in the past, that was the only valid way to configure the underlying keying daemon. That hasn't been true more recently though.

        1 Reply Last reply Reply Quote 0
        • V
          vin0x64
          last edited by

          Thanks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.