Phase 1 Proposal algorythms (2.3) => Why only 1 proposal ?
While trying to setup a roadwarriog connection for my mobile devices I came across an annoying issue:
- IOS9 supports only dh group 14 (modp2048) by default
- Windows 10 supports only dh group 2 (modp1024) by default
It's very difficult to change the default Policy on any one of those two OS. So I Wonder why the pfsense approach is to propose only one algorythm in the phase 1 negociation.
Would it be possible to have several groups or even not specify any. I'm willing to try and modify somethings it's just that not being a developper I don't know where to start… any ideas ?
There's a feature request open to make that more like the P2 screen, where you can select more options. It's that way because in the past, that was the only valid way to configure the underlying keying daemon. That hasn't been true more recently though.