Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

Question

I am trying to setup a VPN connection on Ubuntu 20.04 using Strongswan. One of the requirements for the tunnel is to use PFS group 20.

Is the PFS group 20 being set when we have the following line in ipsec.conf?

  esp=aes256-sha512-ecp384

Thank you~!

Community · Accepted Answer · 2021-10-07 07:59:29Z

2

Yes, PFS (or rather Diffie-Hellman) group 20 for IKE/IKEv2 is the 384-bit random ECP group defined in RFC 5903. So adding ecp384 to the ESP proposal is correct.

edited Oct 7, 2021 at 7:59

CommunityBot

1

answered Jan 25, 2021 at 9:11

ecdsa

1,25810 silver badges13 bronze badges

Add a comment |

Stack Exchange Network

Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
ubuntu
vpn
tunnel
ipsec
strongswan
.

Hot Network Questions

Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged ubuntuvpntunnelipsecstrongswan.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
ubuntu
vpn
tunnel
ipsec
strongswan
.