Hello,
https://help.mikrotik.com/docs/spaces/R ... figuration
The following link states that for Windows 10:
1. The only supported DH is modp1024 (group 2), which is not secure enough (i.e. Cisco marks it as AVOID: https://sec.cloudapps.cisco.com/securit ... yptography)
2. Child SAs do not support AES-GCM (those are AEAD ciphers: they do not use a hash, but require a PRF). Instead, it suggests either AES-CBC with SHA1 HMAC (not so secure a hash) or DES, which has been deprecated for a long time.
3. Child SAs do not support PFS (which is quite important!)
However, all three claims are not true.
Windows supports all these things, but one has to do the following:
1. Enable modp2048 (aka Group 14) via `NegotiateDH2048_AES256`, for example:
Code:
reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /t REG_DWORD /v NegotiateDH2048_AES256 /d 0x2 /f
2. Configure the VPN connection explicitly using `Set-VpnConnectionIPsecConfiguration` (there is no UI, sorry).
--
Here is my configuration:
Profile: hash, prf -- sha256, enc aes256, dh modp2048.
Proposal: Auth: nothing (we do need them for AEAD). enc aes-256 gcm, pfs modp2048.
Code:
Set-VpnConnectionIPsecConfiguration -Name $ConnName -AuthenticationTransformConstants GCMAES256 -EncryptionMethod GCMAES256 -CipherTransformConstants GCMAES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -DHGroup Group14 -force
So, I asked for: modp2048 PFS, DH 14 (which is also modp2048) and AES-256 GCM.
VOILÀ:
Code:
[foo@bar] /ip/ipsec/installed-sa> print proplist=enc-algorithm,enc-algorithm,enc-key-size,hw-aead
Flags: S - SEEN-TRAFFIC; H - HW-AEAD; E - ESP
Columns: ENC-ALGORITHM, ENC-ALGORITHM, ENC-KEY-SIZE, HW-AEAD
#       ENC-ALGORITHM  ENC-ALGORITHM  ENC-KEY-SIZE  HW-AEAD
0  SHE  aes-gcm        aes-gcm        288           yes
1  SHE  aes-gcm        aes-gcm        288           yes
2  SHE  aes-gcm        aes-gcm        288           yes
3  SHE  aes-gcm        aes-gcm        288           yes
(Why does it show a 288 key size? Seems like a bug: viewtopic.php?t=126484, but Windows seems to accept it.)
I enjoy hardware accelerated GCM AES.
And from the Windows side:
Code:
PS C:\> Get-NetIPsecMainModeSA | select -Property CipherAlgorithm, HashAlgorithm, GroupId, KeyModule

CipherAlgorithm HashAlgorithm GroupId KeyModule
--------------- ------------- ------- ---------
AES256          SHA256        DH14    IkeV2

PS C:\> Get-NetIPsecQuickModeSA | select -Property FirstIntegrityAlgorithm,FirstTransformType,FirstCipherAlgorithm

FirstIntegrityAlgorithm FirstTransformType FirstCipherAlgorithm
----------------------- ------------------ --------------------
AESGMAC256              EspAuthAndCipher   AESGCM256
AESGMAC256              EspAuthAndCipher   AESGCM256
For Phase 1 I have DH14 (modp2048), and for the second phase it is AES-256-GCM.
AES-CBC 256 also works, and it supports SHA256 HMAC:
Mikrotik:
Code:
4  SHE  aes-cbc        aes-cbc        256           yes
Windows:
Code:
CipherAlgorithm HashAlgorithm GroupId KeyModule
--------------- ------------- ------- ---------
AES256          SHA256        DH14    IkeV2
Should we fix the documentation to help people configure Windows clients in a more secure manner?
Statistics: Posted by IlKa — Sun May 04, 2025 7:15 pm
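An added example, not the poster's own script, that puts the two steps from the post into one elevated PowerShell run and then checks the negotiated SAs against the values the post reports. The connection name and server address are placeholders, machine-certificate authentication is an assumption (EAP would work the same way), and the expected values (AES256/SHA256/DH14 for IKE, AESGCM256 for the child SA) are taken from the post's own Get-NetIPsec*SA output.

```powershell
# Added example, not the poster's script: apply the registry step and the
# Set-VpnConnectionIPsecConfiguration step from the post, then verify what the
# tunnel actually negotiated. $ConnName and $ServerAddr are placeholders.
# Run from an elevated PowerShell: the registry write needs admin rights.

$ConnName   = 'ExampleIKEv2'          # placeholder connection name
$ServerAddr = 'vpn.example.invalid'   # placeholder server address (assumption)

# Step 1: allow DH group 14 (modp2048) for IKEv2. Same key and value as the
# post's "reg add ... /d 0x2" line, written via the registry provider instead.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
New-ItemProperty -Path $regPath -Name 'NegotiateDH2048_AES256' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Create the IKEv2 connection if it does not exist yet
# (machine-certificate authentication is an assumption of this example).
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $ServerAddr `
        -TunnelType Ikev2 -AuthenticationMethod MachineCertificate
}

# Step 2: pin the IPsec proposal explicitly (there is no UI for this).
# Parameters and values are the ones used in the post.
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnName `
    -AuthenticationTransformConstants GCMAES256 `
    -CipherTransformConstants GCMAES256 `
    -EncryptionMethod GCMAES256 `
    -IntegrityCheckMethod SHA256 `
    -PfsGroup PFS2048 `
    -DHGroup Group14 `
    -Force

# Step 3: once the tunnel is up, compare the negotiated SAs with what we asked for.
# A mismatch (e.g. GroupId DH2, HashAlgorithm SHA1, a non-GCM child cipher) means
# the server or the client profile silently fell back to a weaker proposal.
function Test-NegotiatedIpsec {
    $expectedMain  = @{ CipherAlgorithm = 'AES256'; HashAlgorithm = 'SHA256'; GroupId = 'DH14' }
    $expectedChild = 'AESGCM256'
    $problems = @()

    foreach ($sa in Get-NetIPsecMainModeSA) {
        foreach ($k in $expectedMain.Keys) {
            if ("$($sa.$k)" -ne $expectedMain[$k]) {
                $problems += "Main mode SA: $k is $($sa.$k), expected $($expectedMain[$k])"
            }
        }
    }
    foreach ($sa in Get-NetIPsecQuickModeSA) {
        if ("$($sa.FirstCipherAlgorithm)" -ne $expectedChild) {
            $problems += "Quick mode SA: cipher is $($sa.FirstCipherAlgorithm), expected $expectedChild"
        }
    }

    if ($problems.Count -eq 0) {
        Write-Output 'All SAs match the requested IKEv2/IPsec parameters.'
    } else {
        $problems | ForEach-Object { Write-Warning $_ }
    }
    return ($problems.Count -eq 0)
}

# Usage: bring the tunnel up, then run the check.
# rasdial $ConnName
# Test-NegotiatedIpsec
```

The check deliberately compares against the exact values requested rather than a list of "known weak" algorithms, so any unexpected downgrade shows up, including ones caused by a RouterOS profile or proposal that still lists modp1024 or SHA1 as an acceptable fallback.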