Improve IPsec encryption and hash warnings
The selections for IPsec encryption and hash have some options that should be warned against or explained better. The options are there for connecting to less-secure third party devices/vendors but should be avoided in ideal situations.
#1 Updated by Chris Macmahon over 1 year ago
The following notes are now on the ipsec p1 page:
Note: Blowfish, 3DES, CAST128, MD5, SHA1, and DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.
Enter the Pre-Shared Key string. This key must match on both peers.
This key should be long and random to protect the tunnel and its contents. A weak Pre-Shared Key can lead to a tunnel compromise.