Hi Martin,

> esp=3des-sha1,3des-sha1-modp1024

> If you have both non-PFS (3des-sha1) and PFS (3des-sha1-modp1024)
> proposals included, strongSwan includes a KE payload for the DH
> exchange. The responder is free to ignore the KE payload if it picks the
> non-PFS proposal, but it seems that this does not work that well with
> Windows.

Now it makes sense. In fact, I was wondering what the KE meant. I noticed it
in the quick mode request. Is there a place where the KE and its relation to
the DH exchange/PFS are described?

> To make sure no PFS is in use, you should try to be more explicit, for
> example by using
>   esp=3des-sha1!

Yes, it works, now I can control if PFS is used or not.

Thanks and regards,
Lars
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
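
A small check for the situation discussed in this thread, added here as an example (not part of the original messages and not strongSwan code): it parses `esp=` lines from ipsec.conf text and flags lists that mix PFS and non-PFS proposals or lack the `!` flag. The DH-token pattern, the function names and the connection names in the sample are assumptions.

```python
import re

# Tokens treated as DH groups (assumption: modpNNNN, ecpNNN[bp], curve/x 25519 and 448).
DH_TOKEN = re.compile(r"^(modp\d+(s\d+)?|ecp\d+(bp)?|(curve|x)(25519|448))$")

def audit_esp(value):
    """Classify one esp= value: which proposals carry a DH group, and is '!' set."""
    value = value.strip()
    strict = value.endswith("!")
    proposals = [p.strip().lower() for p in value.rstrip("!").split(",") if p.strip()]
    with_dh = [p for p in proposals if any(DH_TOKEN.match(t) for t in p.split("-"))]
    without_dh = [p for p in proposals if p not in with_dh]
    if with_dh and without_dh:
        pfs = "mixed"    # KE payload is sent; PFS depends on the responder's pick
    elif with_dh:
        pfs = "always"   # every proposal carries a DH group
    else:
        pfs = "never"    # no proposal carries a DH group
    return {"pfs": pfs, "strict": strict, "with_dh": with_dh, "without_dh": without_dh}

def audit_conf(text):
    """Return {conn_name: audit result} for every esp= line in ipsec.conf text."""
    results, conn = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        elif conn and re.match(r"esp\s*=", line):
            results[conn] = audit_esp(line.split("=", 1)[1])
    return results

# Constructed sample; the connection names are hypothetical.
SAMPLE = """
conn win-mixed
    esp=3des-sha1,3des-sha1-modp1024
conn win-nopfs
    esp=3des-sha1!    # explicit, as suggested in the thread
"""

if __name__ == "__main__":
    for name, r in audit_conf(SAMPLE).items():
        note = "ambiguous PFS, make the esp= list explicit" if r["pfs"] == "mixed" else "ok"
        print(f"{name}: pfs={r['pfs']} strict={r['strict']} -> {note}")
```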