aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2020-02-17 19:13:50 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2020-02-17 19:15:17 +0200
commite4bf525fead9ab5f768b189ae913c78bcf8716ba (patch)
tree96d9da8a64e2fc73bc692ec3179e2d892f20c5ce
parentfe4aeacf10b8866c15eab3dea9b9118b738d1f59 (diff)
downloaddmvpn-tools-e4bf525fead9ab5f768b189ae913c78bcf8716ba.tar.bz2
dmvpn-tools-e4bf525fead9ab5f768b189ae913c78bcf8716ba.tar.xz
define cipher proposals
primary proposals for improved security and performance fallback proposals for compatibility with charon defaults
-rw-r--r--dmvpn.swanctl4
1 files changed, 3 insertions, 1 deletions
diff --git a/dmvpn.swanctl b/dmvpn.swanctl
index 39b63bd..ec6e0c8 100644
--- a/dmvpn.swanctl
+++ b/dmvpn.swanctl
@@ -1,8 +1,9 @@
-# Copyright (c) 2017-2019 Kaarle Ritvanen
+# Copyright (c) 2017-2020 Kaarle Ritvanen
# See LICENSE file for license details
connections {
dmvpn {
+ proposals = aes256gcm12-prfsha512-ecp384,aes128-sha256-prfaesxcbc-ecp256
mobike = no
dpd_delay = 15s
unique = replace
@@ -16,6 +17,7 @@ connections {
}
children {
dmvpn {
+ esp_proposals = aes256gcm12-ecp384,aes128-sha256
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
rekey_time = 100m