Ipsec.conf entry with exclamation mark not working

Hello,

I am creating an IPSec connection in the Webgui and saving it. The ipsec.conf contains these lines (and of course many more):

ike=aes128-sha-modp1024!
esp=aes128-sha1-modp1024!

At the end there is an exclamation mark. Why is this generated? The VPN does not work with the exclamation mark. If I remove it in both lines the VPN is established without problems. So what’s the trick to get a working config without exclamation marks?

Thanks
Stefan

Hello Sascha,

in the Advanced Settings of your IPsec connection there is an option called “IKE+ESP: Use only proposed settings”. Basically it will tell IPsec to only use the selected ciphers above. If you uncheck that box, the exclamation mark will disappear and IPsec will use whatever it supports, not only what you selected.

From a security point of view, you will have to investigate what ciphers your peer supports and only select those. Don’t allow it to use anything.
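
Added example, not part of the original posts and not the project's own code: a small Python check that reads ipsec.conf text and lists the connections whose `ike=`/`esp=` lines lack the trailing `!`, which is the state the answer describes for an unchecked "Use only proposed settings" box. The connection names and the second connection's values are constructed for illustration.

```python
# Constructed sample, not the poster's full file: one strict conn, one not.
SAMPLE_CONF = """\
config setup

conn office          # hypothetical connection name
    ike=aes128-sha-modp1024!
    esp=aes128-sha1-modp1024!

conn branch          # hypothetical connection name
    ike=aes256-sha256-modp2048,aes128-sha1-modp1024
    esp=aes256-sha256
"""

def parse_proposals(value):
    """Split an ike=/esp= value into (list of proposals, strict flag)."""
    value = value.strip()
    strict = value.endswith("!")          # trailing '!' = only proposed settings
    proposals = [p.strip().split("-") for p in value.rstrip("!").split(",") if p.strip()]
    return proposals, strict

def audit(conf_text):
    """Return {conn: {"ike": (proposals, strict), "esp": ...}} for conn sections."""
    result, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = name.strip() if kind == "conn" else None
            if current:
                result[current] = {}
            continue
        key, sep, value = line.strip().partition("=")
        if current and sep and key.strip() in ("ike", "esp"):
            result[current][key.strip()] = parse_proposals(value)
    return result

def non_strict(conf_text):
    """List (conn, key) pairs that are not limited to the selected ciphers."""
    return sorted((c, k) for c, kv in audit(conf_text).items()
                  for k, (_, strict) in kv.items() if not strict)

if __name__ == "__main__":
    for conn, key in non_strict(SAMPLE_CONF):
        print(f"{conn}: {key}= has no '!', so it is not limited to the selected ciphers")
```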

Thanks, that’s what I wanted to know :grinning_face:
