[Swan] default config that works with recent android/win10/win11/macos/ios
manfred
mx2927 at gmail.com
Fri Mar 1 05:59:21 EET 2024
If you can handle the Windows side, then probably this would be a good
start on the libreswan side for a roadwarrior configuration:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
There are some specific requirements on the certificate that are
demanded by Windows.
Another good source of information (at least it was for me) is the
strongswan documentation, where I got the details on how to create the
VPN connection and configure the certificate.
By the way, you don't need to mess with regedit, powershell is all you
need to set up the vpn ipsec parameters properly on Windows:
https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration
On 2/29/2024 5:26 AM, Marc wrote:
>>
>> In particular, Win10 still defaults to DH group 2 (1024 bit), which is
>> known to be insecure, and libreswan rejects it by default, IIRC.
>> I'm not sure about Win11, but I would expect MS to stick to their design.
>>
>
> Yes Indeed. I have made some powershell/regedit scripts that change these defaults. So I can send someone these. Inspecting such files and asking someone to double click them is not ideal, but still doable.
>
>
More information about the Swan
mailing list