Quote from: m256 on December 03, 2024, 03:13:12 PMSo, good news: I have tried with custom configs- created custom config file in swanctl\conf.dHello,
I made a completely new connection with unique id and full settings. It worked - even with deprecated ciphers.
I also tried adding just an update to settings made in GUI like this:connections {this worked fine as well.
con1 {
children {
con1 {
esp_proposals = aes128-sha1
}
}
}
}
What does not work is 3des for ESP. This is not done by strongswan, but kernel. Adding 3des support to freebsd would likely mean kernel recompiling.
Quote from: really_lost on December 05, 2025, 04:47:29 AMIf you are affected by this, you'll want to get a ticket opened and request a firmware rollback.