Home/Support/Support Forum/Which DH groups are supported for ISAKMP and PFS for IPsec?
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Which DH groups are supported for ISAKMP and PFS for IPsec?

–1 vote
Hi All:

The new Libreswan versions do not support the DH2 group anymore and there appears be some typos in the version 19 of the manual.
Which DH groups are supported for IKE?
Which DH group are supported for PFS?
Which SHA authentication versions are supported?

cheers,
john
asked Jun 22 in Digi TransPort by jserink Community Contributor (52 points)

Please log in or register to answer this question.

1 Answer

–1 vote
Ok guys, opened up a WR41 with recent FW and answered this myself:
Here is the data:
IKE
Encryption: None, DES, 3DES, AES128, AES192, AES256,
Authentication: None, MD5, SHA1, SHA256
Modes: Main, Aggressive,
MODP Group Phase 1, 1-768, 2-1024, 5-1536, 14-2048,
MODP Group Phase 2, No PFS, 1-768, 2-1024, 5-1536, 14-2048,

IPSec
Encryption: None, NULL, DES, 3DES, AES128, AES192, AES256,
Authentication: None, MD5, SHA1, SHA256
MODP Group Phase 2, No PFS, 1-768, 2-1024, 5-1536, 14-2048,

The manual is complete inaccurate on this issues and needs a re-write.

Cheers,
john
answered Jun 22 by jserink Community Contributor (52 points)
...