Lars, > esp=3des-sha1,3des-sha1-modp1024
If you have both non-PFS (3des-sha1) and PFS (3des-sha1-modp1024) proposals included, strongSwan includes a KE payload for the DH exchange. The responder is free to ignore the KE payload if it picks the non-PFS proposal, but it seems that this does not work that well with Windows. > It was a bit tricky to get this right, as it is not obvious if PFS is > enabled or not. To make sure no PFS is in use, you should try to be more explicit, for example by using > esp=3des-sha1! as the proposal. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
