Hi Developers,

We are running on CentOS 7 and we already have strongswan-5.7.2-1.el7.x86_64 installed, and it is the latest version.

Our client will allow us to connect to them using:

Phase 1:
Authentication Method: Pre-Shared Secret, to be exchanged over the phone (SMS) only
Encryption Schema: IKEv2
Diffie-Hellman Group - IKE: DH Group-19
Encryption Algorithm: AES-256
Hashing Algorithm: SHA-256
PRF: SHA-256
Renegotiate IKE SA every: 86400 seconds

Phase 2: IPSec
IPSec Encryption Algorithm: IPSec AES-256
Hashing Algorithm: IPSec SHA-256
Renegotiate IPSec SA every: 28800 seconds
PFS: No PFS
Mode: Main Mode

I've been through the documentation at https://wiki.strongswan.org/projects/1/wiki/IKEv2CipherSuites and since we don't have strongSwan 5.8.x we are limited in what we can use.

*Option 1:*
We have asked the client if we can use these alternate protocols that are supported with strongSwan 5.7.

For Phase 1:
Instead of DH Group-19 use DH Group 18
Instead of AES-256 use aes256gmac
Instead of SHA-256 use sha256_96
For PRF instead of SHA-256 use AES XCBC

For Phase 2: IPsec
Instead of AES-256 use aes256gmac
Instead of SHA-256 use sha256_96

Question 1: However, it's not clear in the documentation https://wiki.strongswan.org/projects/1/wiki/IKEv2CipherSuites. For IPsec and strongSwan 5.7, can you use aes256gmac instead of AES-256 and sha256_96 instead of SHA-256?

Question 2: If this is possible with strongSwan 5.7, how do you implement aes256gmac as the IPSec Encryption Algorithm and sha256_96 as the IPSec Hashing Algorithm? Or are there alternate options supported by strongSwan 5.7?

*Option 2:*
Build strongSwan 5.8.x on CentOS 7. However, from this post it seems it may not work: https://wiki.strongswan.org/issues/3229

Question 3: Has anyone successfully built strongSwan 5.8.x or later on CentOS 7, and if so, would they be so kind as to share their instructions on how to do it?

Thanks for any assistance.
