On Wed, 16 Oct 2019, Stuart Henderson wrote:
I would srongly recommend switching to IKEv2 if you can, it is far
easier to come up with a config that still gives decent crypto with
mixed client platforms. (Internal client on Apple OS and non-ancient
Windows - strongswan on Android/Linux).
I do not disagree.
I just need to move an existing NPPPD to behind a firewall in the short
term that serves several iPads and Windows PCs. Once I have the move done,
I want to move expand to IKEv2. I was also under the impression that IKEv2
was faster.
The IPsec side should be ok as long as everything supports nat-t (not
unusual).
I am still stuck and will try some new things on Monday.
Regards - Damian