Hello,
is there any plan in roadmap to support Diffie-Hellman Group 14 in VPN Phase 1 IPSec negotiation.
Best regards,
Gregor
Not in the roadmap. I will move this to feature request.
Thanks.
I thin a better feature request would be to allow the admin to determine the protocols and cipher strengths. Peplink can possibly automatically expire protocols once they have been proven obsolete/at risk. I don’t believe it should take an entire firmware package to update ciphers and protocols. I guess “security customizations and extensibility” would be the feature request that I would like to see. As a server admin, it is a MUST, but it sure would be nice to have from a Network admin perspective as well.
Bear in mind, I have spent the past month cleaning servers that are high risk according to the vulnerability scans. Scrub, reboot, scan, repeat.
3 Likes
After having the internal discussion, we target to support DH Group 14 on v7.1.0. Stay tuned!
3 Likes
Any progress on this?
We are failing the Trustwave securty scan. If we can’t fix this very soon I will have to replace the Peplink router with an other brand :-(((((
“IPsec supports stronger DH group (Group: 2, 5, 14, 19,
20, 21, 24).”
This is from release notes for 7.1.0.