I have successfully been using pfsense 2.2.6 with rw clients connecting into with IKEv2 PSK and with the following ipsec.conf.
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="cfg 1, dmn 2, ike 1"
conn %default
ikelifetime=28800s
lifetime=10800s
margintime=600s
keyingtries=1
keyexchange=ikev2
type=tunnel
dpdaction=clear
dpddelay=900s
ike=aes256gcm128-sha512-ecp512bp!
esp=aes256gcm128-ecp512bp!
authby=psk
AES-GCM Is used for both IKE and ESP but in the newest version of pfsense
AES-GCM is removed in IKE_SA (aka phase 1) with the reason that AES GCM
isn't a valid option for IKE_SA.
So my question is if AES-GCM is a valid option in IKE_SA.
https://github.com/pfsense/pfsense/commit/76bec1ab8790964c9714f7f8497edfa1a6
c53409
Best regards
Lars Alex Pedersen
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
