From e4bf525fead9ab5f768b189ae913c78bcf8716ba Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Mon, 17 Feb 2020 19:13:50 +0200
Subject: [PATCH 4/5] define cipher proposals primary proposals for improved security and performance fallback proposals for compatibility with charon defaults
---
 dmvpn.swanctl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dmvpn.swanctl b/dmvpn.swanctl
index 39b63bd..ec6e0c8 100644
--- a/dmvpn.swanctl
+++ b/dmvpn.swanctl
@@ -1,8 +1,9 @@
-# Copyright (c) 2017-2019 Kaarle Ritvanen
+# Copyright (c) 2017-2020 Kaarle Ritvanen
 # See LICENSE file for license details

 connections {
 dmvpn {
+ proposals = aes256gcm12-prfsha512-ecp384,aes128-sha256-prfaesxcbc-ecp256
 mobike = no
 dpd_delay = 15s
 unique = replace
@@ -16,6 +17,7 @@ connections {
 }
 children {
 dmvpn {
+ esp_proposals = aes256gcm12-ecp384,aes128-sha256
 local_ts = dynamic[gre]
 remote_ts = dynamic[gre]
 rekey_time = 100m
-- 
2.24.1
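Review bot: The primary IKE proposal on the added `proposals` line uses `aes256gcm12`, which, as I read the strongSwan keyword, selects AES-GCM with a 12-octet (96-bit) ICV rather than the full 16-octet tag; the same keyword appears in `esp_proposals` in the second hunk. If no peer requires the truncated tag, `aes256gcm16-prfsha512-ecp384` here and `aes256gcm16-ecp384` there would keep the full tag length. Whichever is chosen, a comment above the line such as `# primary: AEAD with ECP-384; fallback: matches charon defaults` would record why two proposals are listed. The `dmvpn` connection block continues outside the hunk.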
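Review bot: The fallback ESP proposal `aes128-sha256` on the added `esp_proposals` line names no DH group, so a CHILD_SA negotiated under it would be rekeyed without a fresh key exchange and therefore without forward secrecy relative to the IKE SA. If that is the accepted cost of matching charon's defaults, say so next to the line, e.g. `# fallback has no DH group: no PFS on CHILD_SA rekey, kept for charon-default peers`. It is also worth checking the logs after rollout for which proposal peers actually select, so the fallback can be dropped once it is unused. The `children` block continues outside the hunk.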