Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

I am trying to setup a VPN connection on Ubuntu 20.04 using Strongswan. One of the requirements for the tunnel is to use PFS group 20.

Is the PFS group 20 being set when we have the following line in ipsec.conf?

 esp=aes256-sha512-ecp384

Thank you~!

1 Answer

Yes, PFS (or rather Diffie-Hellman) group 20 for IKE/IKEv2 is the 384-bit random ECP group defined in RFC 5903. So adding ecp384 to the ESP proposal is correct.

Fame Burst

Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

1 Answer

Your Answer

Sign up or log in

Post as a guest

You Might Also Like

Why does DLC not download with backwards compatible xbox games?

Does Anna Navarre and Gunther Hermann's killswitch codes have any meaning?

Which purchasable houses have access to alchemy / enchanting / smithy / cooking?

Does the type of hard drive affect load times for an Xbox 360 Slim?