[Swan] Suggested cipher suites in Libreswan 3.29

Paul Wouters paul at nohats.ca
Tue Jul 9 03:42:24 UTC 2019

On Tue, 9 Jul 2019, Kaushal Shriyan wrote:

> I am running libreswan version 3.29 on CentOS 7.6 and the details are as below:-

> I have the below config. 
>        conn apps-tomcat-primary
>               type=tunnel
>               authby=secret
>               left=%defaultroute
>               leftid=
>               leftnexthop=%defaultroute
>               leftsubnet=
>               right=
>               rightsubnet=
>               ike=aes128-sha1;modp1024

Note using DH2 makes no sense. It's too weak. libreswan-3.30 has it
compile time disabled by default.

>               phase2alg=aes128-sha1;modp1536

It also makes little sense to have a larger phase2 DH group.

>               pfs=yes
>               auto=start
>               ikev2=no
> I will appreciate if you can let me know the suggested cipher suites (encryption and authentication) to be implemented as per the above Libreswan IPsec configuration.

It will only allow what you specified on the ike= and esp= lines. Only
if you specify nothing in the conn, do you get default ciphers eiter
from conn %default or via the system-wide crypto policies (via conn

So your ike= line will only allow AES 128 bit key, SHA1 for PRF and
INTEG, using DH2. Your esp=/phase2alg- line only allows AES 128 bit key,
SHA1 for INTEG and DH5 Quickmode/PFS.


More information about the Swan mailing list