What's new

ASUS AX Series IPSEC Cipher setting(Merlin firmware)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Whitetip reef shark

New Around Here
Hello!! I'm using ASUS AX Series router and using Merlin Firmware(388.1 latest)

And i'm using IPSEC VPN Server feature

i wonder about IPSEC Cipher settings like aes256gcm16-prfsha384-modp2048

First. I can't found cipher settings in ipsec server settings page

Second. Checking logs i found using Strongswan 5.9.6 Server so i'm checking Strongswan homepage and found cipher settings https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html

Third. I'm downloading my smartphone Strongswan apps in google play store and change cipher settings in apps like aes256-prfsha384-modp2048 then connecting my router and re checking logs. happly in logs successfully changed cipher let's see this logs

nothing change app settings: [CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519

change app cipher settings: [CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_2048

these logs are same showing server and client apps but is really right changed cipher?? just only change apps settings not server??

i'm before seeing similary these question but different things i'm just change app settings but that persons using SSH entered router change server cfg files...

*****That's my wondering point, cipher change can work only change Android client app cipher settings?? or working rightly is not only enough change app settings but also using SSH connecting router and directly change server cfg??

Really thankyou for your times watching my questions :) I hope to everyone have a nice day!!
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top