in ikev2setup.sh shouldn't this use openssl sha2

[aflashback]

Checklist

• [x] I read the README
• [x] I read the Important notes
• [x] I followed instructions to configure VPN clients
• [x] I checked IKEv1 troubleshooting, IKEv2 troubleshooting and VPN status
• [x] I searched existing Issues
• [x] This bug is about the VPN setup scripts, and not IPsec VPN itself

Describe the issue in ikev2setup.sh file export_p12_file method I see all openssh commands are using sha1 shouldn't this be sha2 , is there a reason ?

example: openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES

Thanks!

[letoams]

Describe the issue in ikev2setup.sh file export_p12_file method I see all openssh commands are using sha1 shouldn't this be sha2 , is there a reason ?

example: openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES

Sadly, Apple doesn’t support all pkcs12 wrappings. It doesn’t do aes, only 3des. Not sure if it supports sha2

Paul

[hwdsl2]

@aflashback Hello! Yes, this is mainly for compatibility with VPN client devices, such as iPhones and iPads. For a personal VPN, using 3DES and SHA1 for IKEv2 certificates should be fine from a security perspective.