<html><head></head><body><div class="ydpef92e594yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
        <div>Aware of the case, just not the esp line needed. I doubt they'll fix it unless enterprise customers really make a stink. And they tend to use the Cisco client with problems of its own.</div><div><br></div><div>Works now. Thanks again!</div><div><br></div>
        
        </div><div id="yahoo_quoted_9243369831" class="yahoo_quoted">
            <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
                
                <div>
                    On Thursday, January 31, 2019, 6:36:56 PM EST, Paul Wouters <paul@nohats.ca> wrote:
                </div>
                <div><br></div>
                <div><br></div>
                <div><div dir="ltr">On Thu, 31 Jan 2019, Mr. Jan Walter wrote:<br clear="none"><br clear="none">> That's in the config already. Other ideas?<br clear="none"><br clear="none">     ike=aes256-sha2_512;modp2048,aes128-sha2_512;modp2048,aes256-sha2;modp1024,aes128-sha1;modp1024<br clear="none">     esp=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512,aes256-sha2_256,aes128-sha2_256,aes128-sha1,aes256-sha1<br clear="none"><br clear="none">That adds the weak modp groups that windows mistakenly uses on rekey.<br clear="none"><br clear="none">Note for your reference, we reported IKEv2 only using weak groups in<br clear="none">October 2016, and got assigned Microsoft MSRC Case: 35732. We found out<br clear="none">about the rekey using the bad group in Feb 2018 and notified using the<br clear="none">same case number.<div class="yqt8830667491" id="yqtfd73651"><br clear="none"><br clear="none">Paul<br clear="none"></div></div></div>
            </div>
        </div></body></html>