From 467548f6e84a4ed05d9f9c9e636ebc9e6673e00f Mon Sep 17 00:00:00 2001
From: toby
Date: Fri, 26 Oct 2018 21:46:49 +0200
Subject: [PATCH] ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones
---
 files/ipsec.conf.wit | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit
index 1dfdf35..ffe3291 100644
--- a/files/ipsec.conf.wit
+++ b/files/ipsec.conf.wit
@@ -17,8 +17,8 @@ conn %default
 dpdaction=restart
 type=transport
 keyexchange=ikev1
- ike=aes128-sha1-modp2048!
- esp=aes128-sha1-modp2048!
+ ike=aes256-sha512-modp4096,aes128-sha1-modp2048!
+ esp=aes256-sha512-modp4096,aes128-sha1-modp2048!
 leftcert=FQHOSTNAME.crt
 leftid="C=US, O=Wit, CN=FQHOSTNAME"
 rightid="C=US, O=Wit, CN=*"
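Review bot: The new `ike=` and `esp=` lines still accept `aes128-sha1-modp2048` as a second proposal, so until that entry is removed the connection is only as strong as whichever proposal a peer ends up agreeing on, and nothing in the file records that the entry is temporary. I would add a comment above the two lines, e.g. `# transitional: aes128-sha1-modp2048 stays only until every peer carries aes256-sha512-modp4096, then drop it`, and confirm the negotiated algorithms on established SAs (for example in `ipsec statusall` output) before removing the fallback. The context line `keyexchange=ikev1` is untouched by this patch; whether the stronger proposal should be paired with a move to IKEv2 is worth deciding as part of the same rollout. The `conn %default` section starts before and continues past the hunk, so other settings that influence negotiation are not visible here.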