Project

General

Profile

History

strongSwan User Documentation » Configuration Examples »

Advanced Cipher Suite Examples

Algorithm IKEv1 IKEv2
ECP 256, 384, 512 (DH groups 19, 20, 21) IKEv1 IKEv2
MODP with subgroups (DH groups 22, 23, 24) IKEv1 IKEv2
ECP 192, 224 (DH groups 25, 26) IKEv1 IKEv2
ECDSA 256, 384, 521 IKEv1 IKEv2
AES CTR ESP IKEv2+ESP
AES CCM ESP IKEv2+ESP
AES GCM ESP IKEv2+ESP
AES GMAC^ ESP ESP
Blowfish CBC IKEv1+ESP IKEv2+ESP
Camellia CBC IKEv1+ESP IKEv2+ESP
Serpent CBC IKEv1+ESP
Twofish CBC IKEv1+ESP
NULL encryption ESP ESP
AES XCBC ESP IKEv2+ESP
SHA256* IKEv1+ESP IKEv2+ESP
SHA384* IKEv1+ESP IKEv2+ESP
SHA512* IKEv1+ESP IKEv2+ESP
ChaCha20 / Poly1305~ IKEv2+ESP

^requires the AES-GMAC patch that was integrated into the Linux 2.6.34 kernel.
*requires the SHA2 truncation patch that was integrated into the Linux 2.6.33 kernel.
~requires a Linux 4.2 kernel or newer.