Hi, > AES-GCM Is used for both IKE and ESP but in the newest version of pfsense > > AES-GCM is removed in IKE_SA (aka phase 1) with the reason that AES GCM > > isn't a valid option for IKE_SA. > > > So my question is if AES-GCM is a valid option in IKE_SA.
Not for IKEv1. But it is for IKEv2, which you are using. Its use is defined in RFC 5282. Regards, Tobias [1] https://tools.ietf.org/html/rfc5282 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
