# swanctl connection "vps_de-vps_uk": IKEv2 tunnel to the peer at remote_addrs.
# Both ends authenticate with public keys (certificates). The IKE and ESP
# proposals combine x25519 with additional key exchanges (the ke1_..ke4_ tokens).
vps_de-vps_uk {
    remote_addrs = 57.128.171.43

    # Virtual-IP pools handed out to the client
    # pools = v4_vps-uk, v6_vps-uk
    pools = v6_vps-uk

    local {
        auth = pubkey
        # File name suggests a Dilithium5 end-entity certificate issued by a
        # Falcon-1024 signing CA - confirm against the certificate itself.
        certs = vpsCert-dilithium5-sign_ca-falcon1024.pem
        id = vps.zw3b.eu
    }
    remote {
        auth = pubkey
        # The peer must authenticate as exactly this identity.
        id = vps.uk.ipv10.net
    }

    children {
        vps_de-vps_uk {
            # mode = transport

            # Networks on the receiver side
            # NOTE(review): fec0::/16 and fec1::/16 lie inside the deprecated
            # site-local range fec0::/10 (RFC 3879); the fc00: prefixes are ULA.
            local_ts = fec0::/16, fc00:41d0:701:1100::/64
            remote_ts = fec1::/16, fc00:41d0:801:2000::/64

            # trap: install policies only; the CHILD_SA is negotiated when
            # matching traffic is first seen.
            start_action = trap

            #--------------------------------
            # ESP
            #-------
            # DEFAULT: no cipher configured
            # selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ

            # My configured cipher list
            # ok CHILD_SA net{1} established
            # esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

            # ok CHILD_SA net{1} established
            # ke3_none / ke4_none make the third and fourth additional key
            # exchange optional; ke1 and ke2 stay mandatory in this proposal.
            # The logged selection below lists no key-exchange method; presumably
            # it was taken for the first CHILD_SA, which is keyed from the IKE_SA,
            # so the KE chain here would only apply on CREATE_CHILD_SA/rekey -
            # verify in the rekey log.
            # NOTE(review): this selects AES-CBC + HMAC-SHA2-256; the default run
            # recorded above negotiated AES-GCM (AEAD). Consider an AEAD proposal
            # such as aes256gcm16 if both peers support it.
            esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
            #---------------------------------

            # Rekey on whichever limit is reached first: time, bytes or packets.
            # NOTE(review): 180 s looks like a test value to exercise rekeying;
            # each rekey repeats the configured key exchanges, so confirm
            # before production use.
            # rekey_time = 5400 # 90min
            rekey_time = 180 # 3min
            rekey_bytes = 500000000
            rekey_packets = 1000000
        }
    }

    #--------------------------------
    # IKE
    #-------
    # IKEv2 only; the additional key exchanges below need IKEv2.
    version = 2
    dpd_delay = 60s

    # DEFAULT: no cipher config
    # selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256

    # ok IKE_SA home[1] established
    # ke1 offers kyber3 or frodoa3 and ke2 offers bike3 or hqc3 (both mandatory);
    # ke3 and ke4 are optional because a *_none alternative is listed.
    proposals = aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    # selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE2_BIKE_L3/KE3_HQC_L3/KE4_HQC_L5

    # test
    # NOTE(review): the first alternative below is classical-only (x25519, no
    # additional key exchange); keep it commented out outside interop testing.
    # proposals = aes256-sha256-x25519
    # proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
    # proposals = aes256-sha256-x25519-modp3072-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    #--------------------------------
}