Hi Guys, I am somewhat new to IPSec.
In Windows 10 I am trying to set proper encryption-/integrity algorithm: Set-VpnConnectionIPsecConfiguration -ConnectionName "..." -AuthenticationTransformConstan ts SHA256 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup None Now, as you can see, I *have to* set PfsGroup to none, because if I do not then my IPsec Tunnel breaks apart eventually. The server will say "no acceptable diffie hellman group found." I am assuming that Windows is trying to do PFS which strongswan can't (?). Is that option maybe obsolete with IKEv2? Afterall, pfsgroup is listed under "Removed parameters (since 5.0.0)": https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection Is PfsGroup None unsafe? Thanks! -Chris
