From e4bf525fead9ab5f768b189ae913c78bcf8716ba Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Mon, 17 Feb 2020 19:13:50 +0200
Subject: [PATCH 4/5] define cipher proposals
primary proposals for improved security and performance
fallback proposals for compatibility with charon defaults
---
dmvpn.swanctl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dmvpn.swanctl b/dmvpn.swanctl
index 39b63bd..ec6e0c8 100644
--- a/dmvpn.swanctl
+++ b/dmvpn.swanctl
@@ -1,8 +1,9 @@
-# Copyright (c) 2017-2019 Kaarle Ritvanen
+# Copyright (c) 2017-2020 Kaarle Ritvanen
# See LICENSE file for license details
connections {
dmvpn {
+ proposals = aes256gcm12-prfsha512-ecp384,aes128-sha256-prfaesxcbc-ecp256
mobike = no
dpd_delay = 15s
unique = replace
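Review bot: The primary IKE proposal on the added `proposals` line uses `aes256gcm12`, which is AES-GCM with the integrity tag truncated to 12 octets. The 16-octet variant keeps the full 128-bit tag for four extra bytes per packet, so `proposals = aes256gcm16-prfsha512-ecp384,aes128-sha256-prfaesxcbc-ecp256` would be the stronger first choice. The same applies to `aes256gcm12-ecp384` on the `esp_proposals` line in the second hunk. If the shorter tag is deliberate, for instance to interoperate with a particular peer, a comment above the line should say so. The `dmvpn` connection block continues outside this hunk.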
@@ -16,6 +17,7 @@ connections {
}
children {
dmvpn {
+ esp_proposals = aes256gcm12-ecp384,aes128-sha256
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
rekey_time = 100m
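Review bot: The fallback entry `aes128-sha256` on the added `esp_proposals` line carries no DH group, while the primary entry requests `ecp384`. A child SA negotiated with the fallback would presumably be rekeyed without a fresh key exchange, so without forward secrecy relative to the IKE SA keys. That looks intentional given the commit message's compatibility goal, but it is a security trade-off that the config should record, for example `# fallback has no DH group: no PFS on child rekey, kept for peers on charon defaults`. Operators would also benefit from a log or monitoring check showing which proposal each tunnel actually selected, so fallback use is visible. The `dmvpn` child block continues outside this hunk.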
--
2.24.1