[GH-ISSUE #44] Improve the default settings #37

Closed
opened 2026-03-02 07:11:14 +03:00 by kerem · 1 comment
Owner

Originally created by @JamesHagerman on GitHub (Dec 18, 2017).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/44

I'll admit I'm no VPN expert, but it seems like the defaults for this VPN could be improved quite a bit.

If nothing else, maybe add a note as to why these ciphers were picked as the defaults?

```
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
```

Thanks

kerem closed this issue 2026-03-02 07:11:14 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Dec 19, 2017):

@JamesHagerman Hello! Thanks for the suggestion. The default IKE ciphers had been selected to be as universal as possible (i.e. trying to be compatible with Windows, macOS, Linux, iOS, Android, etc.) The `modp1024` part is required because in recent Libreswan versions, `modp1024` was removed from the default which broke compatibility with Windows clients, unless this part is added. Finally, the `aes256-sha2_512` part was added to improve compatibility with Android 6 and 7 clients [1].

[1] https://libreswan.org/wiki/FAQ#Using_SHA2_256_for_ESP_connection_establishes_but_no_traffic_passes_.28especially_Android_6.0.29
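
An added example (not part of the original issue or the project's code): a small Python audit of the `ike=` line quoted in the issue, showing which proposals contain 3DES, SHA-1 or `modp1024` and which do not. The `LEGACY` table and the function names are this example's own assumptions, and the parser handles only the `enc-integ[;group]` form that appears on this page.

```python
# Added example: audit the ike= proposal list quoted in the issue.
IKE_LINE = ("ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,"
            "aes-sha2,aes-sha2;modp1024,aes256-sha2_512")

# Assumption: this example's own list of components to flag as legacy.
# It is not a Libreswan classification.
LEGACY = {
    "3des": "64-bit block cipher",
    "sha1": "SHA-1 based integrity",
    "modp1024": "1024-bit Diffie-Hellman group",
}


def parse_ike(line):
    """Split an ike= line into proposals of the form enc-integ[;group]."""
    key, _, value = line.strip().partition("=")
    if key.strip() != "ike" or not value:
        raise ValueError("not an ike= line")
    proposals = []
    for raw in (item.strip() for item in value.split(",")):
        algs, _, group = raw.partition(";")
        enc, sep, integ = algs.partition("-")
        if not (sep and enc and integ) or "-" in integ:
            raise ValueError(f"unsupported proposal form: {raw!r}")
        # dh is None when the proposal relies on the daemon's default groups
        proposals.append({"raw": raw, "enc": enc, "integ": integ,
                          "dh": group or None})
    return proposals


def audit(line):
    """Return (proposal, [legacy components found]) for every proposal."""
    return [(p["raw"],
             [c for c in (p["enc"], p["integ"], p["dh"]) if c in LEGACY])
            for p in parse_ike(line)]


def summary(line):
    report = audit(line)
    return {"total": len(report),
            "clean": [raw for raw, hits in report if not hits],
            "flagged": [raw for raw, hits in report if hits]}


if __name__ == "__main__":
    for raw, hits in audit(IKE_LINE):
        notes = ", ".join(f"{h} ({LEGACY[h]})" for h in hits) or "none flagged"
        print(f"{raw:22} {notes}")
```
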
