I am having trouble connecting to the company VPN via vpnc using "IKE DH group 14" (modp2048). vpnc seems to support only the old modp1024. See the config below... Actually, the whole story is: I am using bitrise.io as CI and I need it to connect to the company VPN. They are using this plugin, https://github.com/DroidsOnRoids/bitrise-step-vpnc-connect, but based on communication with both sides, it is an issue with vpnc itself...
When I set "IKE DH group 14" in the config file, the result is:
vpnc: IKE DH Group "14" unsupported
The only supported group is modp1024, but it is broken and not recommended:
https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations
That's why we need stronger IKE:
https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
https://wiki.strongswan.org/versions/67
Config:
Local Port 0
IPSec gateway XXXX
IPSec ID XXXX
IPSec secret XXXX
IKE Authmode psk
Xauth username XXXX
Xauth password XXXX
NAT Traversal Mode cisco-udp
IKE DH group 14
Result: vpnc: IKE DH Group "14" unsupported