I am somewhat new to IPSec.
In Windows 10 I am trying to set proper encryption-/integrity algorithm:
Set-VpnConnectionIPsecConfiguration -ConnectionName "..."
ts SHA256 -CipherTransformConstants AES256 -EncryptionMethod AES256
-IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup None
Now, as you can see, I *have to* set PfsGroup to none, because if I do not then
my IPsec Tunnel breaks apart eventually. The server will say "no acceptable
diffie hellman group found." I am assuming that Windows is trying to do PFS
which strongswan can't (?).
Is that option maybe obsolete with IKEv2? Afterall, pfsgroup is listed under
"Removed parameters (since 5.0.0)":
Is PfsGroup None unsafe?