In particular, Win10 still defaults to DH group 2 (1024 bit), which is
known to be insecure, and libreswan rejects it by default, IIRC.
I'm not sure about Win11, but I would expect MS to stick to their design.
My 2 c.
On 2/28/2024 6:32 PM, John Crisp via Swan wrote:
On 28 February 2024 20:57:30 CET, Marc via Swan <[email protected]>
wrote:
Where can I find a working and tested config, that offers vpn connectivity with
the os default clients of android, win10, win11, macos and ios? (maybe put this
on some wiki/example page)
Not sure there is one as the variations in systems are almost infinite.
Net to net, client to net, NAT, no NAT, IPv4/6, routing, firewalling etc etc.
See the examples below.
Other VPNs generally have the same issues. I'm dealing right now with a
complicated intransigent openvpn setup. I'd prefer Libreswan, but in this
particular scenario it would not suit. Horses for courses.
These should get you started. Pretty sure they are open to improvements if you
have some.
https://libreswan.org/
https://libreswan.org/wiki/Configuration_examples
https://libreswan.org/man/ipsec.conf.5.html
https://github.com/libreswan/libreswan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
