Example workaround for 3DES, SHA1 and MODP1024 broken algorithms
Unfortunately, many L2TP/IPsec VPN servers still offer only 3DES, SHA1 and MODP1024. One of the main reasons for this is possibly that it is the default Microsoft has offered with its L2TP/IPsec VPN servers since the days when Windows XP was the main client.
If you are using strongSwan for IPsec client support, enter the following in the corresponding IPsec Options dialog box advanced section:
- Phase1 Algorithms : 3des-sha1-modp1024
- Phase2 Algorithms : 3des-sha1
If you are using Libreswan >= 3.20 for IPsec client support, enter the following in the IPsec Options dialog box advanced section:
- Phase1 Algorithms : 3des-sha1;modp1024
- Phase2 Algorithms : 3des-sha1
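
To review saved settings later and see whether a connection is still pinned to these algorithms, the following added example (not code from this page or from the projects it mentions) parses Phase1/Phase2 strings in either syntax shown above and flags the three algorithms named here. The function names and the mixed sample string are constructed for illustration; the weak set contains only the names this page lists.

```python
import re

# The algorithms this page calls broken. Other tokens are passed through unjudged.
WEAK = {"3des", "sha1", "modp1024"}


def parse_proposals(value):
    """Split a Phase1/Phase2 string into proposals, each a list of tokens.

    Accepts both forms shown above: 'enc-integ-dh' (strongSwan style) and
    'enc-integ;dh' (Libreswan style). Commas separate alternative proposals.
    """
    proposals = []
    for raw in value.split(","):
        tokens = [t for t in re.split(r"[-;]", raw.strip().lower()) if t]
        if tokens:
            proposals.append(tokens)
    return proposals


def audit(phase1, phase2):
    """List, per proposal, which tokens are in the weak set."""
    report = {}
    for name, value in (("phase1", phase1), ("phase2", phase2)):
        report[name] = [
            {"proposal": "-".join(p), "weak": [t for t in p if t in WEAK]}
            for p in parse_proposals(value)
        ]
    return report


def only_weak_offered(value):
    """True when every proposal contains a weak algorithm, so the client
    cannot negotiate anything stronger even if the server is upgraded."""
    props = parse_proposals(value)
    return bool(props) and all(any(t in WEAK for t in p) for p in props)


if __name__ == "__main__":
    # Settings from this page (Libreswan syntax).
    print(audit("3des-sha1;modp1024", "3des-sha1"))
    # Constructed sample: a stronger proposal listed ahead of the workaround.
    mixed = "aes256-sha256-modp2048,3des-sha1-modp1024"
    print(only_weak_offered("3des-sha1-modp1024"), only_weak_offered(mixed))
```

A result of True from only_weak_offered means the connection can only ever negotiate the legacy algorithms, which is worth revisiting once the server supports anything stronger.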