[Swan] ike and esp notation

Paul Wouters paul at nohats.ca
Thu Nov 12 14:04:07 UTC 2020


It is correct, but since those algorithms are in the default set, you can just leave out both lines.


> On Nov 12, 2020, at 09:00, armin.vehr at mmlab.de wrote:
> 
> Hi List!
> 
> I was tasked to set up a site-to-site VPN to a supplier site and decided to use LibreSwan.
> 
> My platform is CentOS 8.2.2004, LibreSwan is version 3.29-7.
> 
> The remote peer operator sent me the following encryption details, but I didn't find the corresponding IKE or ESP cipher/algorithm settings in the list of supported settings at
> 
> https://libreswan.org/wiki/FAQ > Which ciphers / algorithms does libreswan support?
> 
> I have to use:
> 
> Phase1
> ======
> - Encryption Algorithm AES-256
> - Hash SHA512
> - Diffie-Hellman 14
> 
> Phase2
> ======
> - ESP Encryption AES-256
> - Hash SHA512
> - Diffie-Hellman 14
> 
> I added the following parameters to my ipsec.conf and wonder if they are supported and if the notation is correct:
> 
> ike=aes256-sha512;dh14
> esp=aes256-sha512;dh14
> 
> Can anybody confirm if they are correct?
> 
> Thank you very much!
> 
> Best regards
> Armin
> 
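An added example, not part of the original thread and not libreswan code: Python that turns the peer's parameter sheet quoted above into the two ipsec.conf lines the poster asks about. The function name `sheet_to_conf` and the lookup tables are hypothetical and map only the values that appear in the thread; any other value is rejected rather than guessed.

```python
# Constructed sample: the peer's parameter sheet as quoted in the thread.
PEER_SHEET = """\
Phase1
======
- Encryption Algorithm AES-256
- Hash SHA512
- Diffie-Hellman 14
Phase2
======
- ESP Encryption AES-256
- Hash SHA512
- Diffie-Hellman 14
"""

# Hypothetical lookup tables: sheet spelling -> ipsec.conf token (thread values only).
PHASE_KEYWORD = {"phase1": "ike", "phase2": "esp"}
TABLES = {
    "encryption": ("enc", {"AES-256": "aes256"}),
    "hash": ("hash", {"SHA512": "sha512"}),
    "diffie-hellman": ("dh", {"14": "dh14"}),
}

def sheet_to_conf(sheet):
    """Return the 'ike=' and 'esp=' lines for a peer parameter sheet."""
    phases, current = {}, None
    for line in map(str.strip, sheet.splitlines()):
        if line.lower() in PHASE_KEYWORD:
            current = phases.setdefault(PHASE_KEYWORD[line.lower()], {})
        elif line.startswith("- "):
            if current is None:
                raise ValueError(f"parameter outside a phase: {line!r}")
            label, _, value = line[2:].rpartition(" ")
            for needle, (slot, table) in TABLES.items():
                if needle in label.lower():
                    if value not in table:
                        raise ValueError(f"no known token for {value!r}")
                    current[slot] = table[value]
                    break
            else:
                raise ValueError(f"unrecognised parameter: {line!r}")
    out = []
    for keyword in ("ike", "esp"):
        p = phases.get(keyword, {})
        if p.keys() != {"enc", "hash", "dh"}:
            raise ValueError(f"{keyword}: incomplete parameter set")
        out.append(f"{keyword}={p['enc']}-{p['hash']};{p['dh']}")
    return out

if __name__ == "__main__":
    print("\n".join(sheet_to_conf(PEER_SHEET)))
```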


