Hello, I have set up a StrongSwan server on Ubuntu 18.04 and am really enjoying it. I was hoping to check with you guys to see if these settings are optimal or if it could be still improved.
I only allow iOS devices to connect to this server. So I don't care that much about Windows and Android at this point. Security is important but fast handshake and speed are also a key factor. What do you think? config setup strictcrlpolicy=yes uniqueids=never conn roadwarrior auto=add compress=yes type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes ike=aes256-sha256-ecp521-ecp256-modp4096-modp2048! esp=aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1! dpdaction=clear dpddelay=180s rekey=no left=%any leftid=@my.server.com leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0 right=%any rightid=%any rightauth=eap-radius eap_identity=%any rightdns=208.67.222.222,208.67.220.220 rightsourceip=10.10.10.0/24 rightsendcert=never Many Thanks, Houman