diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2020-02-17 19:13:50 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2020-02-17 19:15:17 +0200 |
commit | e4bf525fead9ab5f768b189ae913c78bcf8716ba (patch) | |
tree | 96d9da8a64e2fc73bc692ec3179e2d892f20c5ce | |
parent | fe4aeacf10b8866c15eab3dea9b9118b738d1f59 (diff) | |
download | dmvpn-tools-e4bf525fead9ab5f768b189ae913c78bcf8716ba.tar.bz2 dmvpn-tools-e4bf525fead9ab5f768b189ae913c78bcf8716ba.tar.xz |
define cipher proposals
primary proposals for improved security and performance
fallback proposals for compatibility with charon defaults
-rw-r--r-- | dmvpn.swanctl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/dmvpn.swanctl b/dmvpn.swanctl index 39b63bd..ec6e0c8 100644 --- a/dmvpn.swanctl +++ b/dmvpn.swanctl @@ -1,8 +1,9 @@ -# Copyright (c) 2017-2019 Kaarle Ritvanen +# Copyright (c) 2017-2020 Kaarle Ritvanen # See LICENSE file for license details connections { dmvpn { + proposals = aes256gcm12-prfsha512-ecp384,aes128-sha256-prfaesxcbc-ecp256 mobike = no dpd_delay = 15s unique = replace @@ -16,6 +17,7 @@ connections { } children { dmvpn { + esp_proposals = aes256gcm12-ecp384,aes128-sha256 local_ts = dynamic[gre] remote_ts = dynamic[gre] rekey_time = 100m |