Hi Achyar, just add a DH group to the esp statement and PFS will be activated, e.g. in ipsec.conf:
esp=aes128gcm16-modp3072! or in swanctl.conf: esp_proposals = aes128gcm16-modp3072 Regards Andreas On 04.06.2016 05:27, achyar.nur wrote: > Hi Everyone, > > > > I use, strongswan 5.3.2 and want to running pfs. Let me know how to > configure it > > > > [root@strongswan-achyarnurandidotnet-s1 ~]# strongswan version > > Linux strongSwan U5.3.2/K3.10.0-327.18.2.el7.x86_64 > > Institute for Internet Technologies and Applications > > University of Applied Sciences Rapperswil, Switzerland > > See 'strongswan --copyright' for copyright information. > > [root@strongswan-achyarnurandidotnet-s1 ~]# > > > > I got information from documentation that, prior 5.0 pfs is depreciated > command. And should be configured in dh group. > > > > > > Thank you, > > > > > > Achyar > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > Virus-free. www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
