Correction #11096

closed

Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Pre-Shared Keys

Added by Jared Dillard over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: IPsec
Target version: -
Start date: 11/24/2020
Due date:
% Done: 0%
Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html

Feedback: (from Twitter:) Your example is in dire need of updated cryptography settings because both sides have equally outdated and insecure settings.

DH group 2 is no longer recommended and the screenshots are quite old. The current GUI even contains a warning against using DH group 2. There will need to be a couple of wording changes since group 14 is now the default for DH at P1 and PFS at P2. Updated screenshots attached.

Actions #1

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Closed

This recipe has been updated with current recommendations for encryption and also in other ways, such as using settings which help avoid duplicate SA entries. Screenshots are all new as well.

A couple sections at the end of the recipe were moved and merged into other areas since they were not strictly relevant to this, and were duplicating existing things.

https://gitlab.netgate.com/docs/pfSense-docs/-/commit/adb98bb3f21d8b99effdb34b87f08b4f879acb69

https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/client-routing.html
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html
