Just tried it with
ike=aes256-sha1-modp2048!
esp=aes256-sha1-modp2048!
And got
received NO_PROPOSAL_CHOSEN notify error

So yeah, either they configured crap, or Microsoft magic.
(sorry for the rant)

On Mon, Feb 20, 2017 at 12:29 PM Noel Kuntze <[email protected]> wrote:

> That doesn't really make sense, because modp2048 seems to work when
> rekeying a CHILD_SA, so the remote peer has to be able to use that
> group also when establishing an IKE_SA.
> Do you mean, the ones that implemented it just configured crap?
>
> On 20.02.2017 11:28, Andrei-Florian Staicu wrote:
> > I really can't, I'm just a tenant there and the ones that
> > implemented it are idiots.
> >
> > On Mon, Feb 20, 2017, 12:19 Noel Kuntze <[email protected]> wrote:
> >
> > > On 20.02.2017 11:18, Andrei-Florian Staicu wrote:
> > > > ike=aes256-sha1-modp1024!
> > >
> > > That DH group is broken in regards to security. Please use a
> > > stronger one.
> > >
> > > --
> > >
> > > Mit freundlichen Grüßen/Kind Regards,
> > > Noel Kuntze
> > >
> > > GPG Key ID: 0x63EC6658
> > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> > --
> > Beware of programmers who carry screwdrivers.
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

--
Beware of programmers who carry screwdrivers.
