Project

General

Profile

Correction #11096

Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Pre-Shared Keys

Added by Jared Dillard 5 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
-
Start date:
11/24/2020
Due date:
% Done:

0%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html

Feedback: (from twitter:) Your example is in dire need of updated cryptography settings because both sides have equally outdated and insecure settings.

DH group 2 is no longer recommended and screenshots are quite old. The current GUI even contains a warning against using DH group2. There will need a couple of wording changes since group 14 is now the default for DH at P1 and PFS at P2. Updated screenshots attached.

Also available in: Atom PDF