]> git.ipfire.org Git - people/stevee/network.git/commitdiff
projects / people / stevee / network.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 78f1803)
ipsec: Disable compression in system policy
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 3 Aug 2017 12:08:04 +0000 (12:08 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 3 Aug 2017 12:09:37 +0000 (12:09 +0000)
Compression in IPsec is slow (strongSwan only supports
DEFLATE) and there are security concerns about it
revealing information about the plaintext.

So for a little gain in bandwith, it does not seem to
be right to take that risk right now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/vpn/security-policies/system patch | blob | blame | history

diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index f2120a22743018788fdd72078662c6fb15dc5c32..311dd9eaba432788b8cc8e6cf0ce9745e8985869 100644 (file)
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -4,4 +4,4 @@ INTEGRITY="SHA512 SHA384 SHA256"
 GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 LIFETIME="28800"
 PFS="on"
-COMPRESSION="on"
+COMPRESSION="off"
Stevee's network tree.