Hacker News new | past | comments | ask | show | jobs | submit login

It's regarding server implementation. My aim was to use built-in IPsec IKEv2 implementations for Windows, iOS and macOS.

Regarding security: I had to reduce cipher strength to allow Windows client without further configuration. I'm using aes128-sha1-prfsha1-modp1024 which IMO should be relatively secure for home usage, but it's not very secure against governments. It's possible to use stronger ciphers, but you need to use some registry changes or powershell snippets for that, and I wanted to keep configuration to GUI dialogs. I have no idea why Windows by default does not accept strong ciphers.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact