Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
COMPRESSION="off"
-GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192"
INTEGRITIES="SHA256"
PSEUDO_RANDOM_FUNCTIONS="SHA256"
KEY_EXCHANGE="ikev2"
KEY_EXCHANGE="ikev2"
CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
INTEGRITIES="SHA512 SHA384 SHA256"
-GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
LIFETIME="28800"
PFS="on"
# Curve25519
[CURVE25519]="256 bit Elliptic Curve 25519"
+
+ # Curve448
+ [CURVE448]="224 bit Elliptic Curve 448"
)
declare -A GROUP_TYPE_TO_STRONGSWAN=(
[ECP384BP]="ecp384bp"
[ECP512BP]="ecp512bp"
- # Curve25519
+ # More Curves
[CURVE25519]="curve25519"
+ [CURVE448]="curve448"
)
cli_vpn_security_policies() {