Hello,
is there any plan in roadmap to support Diffie-Hellman Group 14 in VPN Phase 1 IPSec negotiation.
Best regards,
Gregor
Hello,
is there any plan in roadmap to support Diffie-Hellman Group 14 in VPN Phase 1 IPSec negotiation.
Best regards,
Gregor
Not in the roadmap. I will move this to feature request.
Thanks.
I thin a better feature request would be to allow the admin to determine the protocols and cipher strengths. Peplink can possibly automatically expire protocols once they have been proven obsolete/at risk. I don’t believe it should take an entire firmware package to update ciphers and protocols. I guess “security customizations and extensibility” would be the feature request that I would like to see. As a server admin, it is a MUST, but it sure would be nice to have from a Network admin perspective as well.
Bear in mind, I have spent the past month cleaning servers that are high risk according to the vulnerability scans. Scrub, reboot, scan, repeat.
After having the internal discussion, we target to support DH Group 14 on v7.1.0. Stay tuned!
Any progress on this?
We are failing the Trustwave securty scan. If we can’t fix this very soon I will have to replace the Peplink router with an other brand :-(((((
“IPsec supports stronger DH group (Group: 2, 5, 14, 19,
20, 21, 24).”
This is from release notes for 7.1.0.