Hi Tobias, Thanks! Worked great!
-Chris On Tue, Feb 20, 2018, at 14:17, Tobias Brunner wrote: > Hi Chris, > > > Is that option maybe obsolete with IKEv2? Afterall, pfsgroup is listed > > under "Removed parameters (since 5.0.0)": > > DH groups for IPsec SAs are configured differently for IKEv2 and since > 5.0.0 also for IKEv1. They are added to ESP/AH proposals (esp/ah > setting in ipsec.conf). If you currently don't have any configured then > use `none` on Windows. However, if you want to use a separate DH > exchange when rekeying CHILD_SAs then configure a matching DH group on > both ends. > > Regards, > Tobias
