Package: strongswan-libcharon Version: 5.6.1-2 Severity: normal Dear Maintainer,
I've recently upgraded from strongswan 5.6.0-2 to 5.6.1-2, and two of my existing VPN configurations, pointing to pfSense servers, stopped working with an "Invalid secrets" error. Digging in the computer and pfSense logs I found that the needed aes256-sha256-prfsha256-modp1024 proposal, that was previously offered by the initiator, was not offered anymore. I use the network-manager interface, so I added it back as a custom proposal in the VPN settings window, and the VPN connection started working again. The pfSense IPSec VPN is configured following the official tutorial on the pfSense Wiki, and my understanding is that it's the required configuration for having the VPN be accessible by Linux, Windows and macOS, so I think this change could break existing VPN configurations for several people. Is there a specific reason the default cipher proposal by strongswan doesn't offer aes256-sha256-prfsha256-modp1024 anymore? Would it be possible to add it back? Best, Luca -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages strongswan-libcharon depends on: ii libc6 2.25-1 ii libstrongswan 5.6.1-2 strongswan-libcharon recommends no packages. Versions of packages strongswan-libcharon suggests: ii libcharon-extra-plugins 5.6.1-2 -- no debconf information