New ciphers enabled

docs/client-linux.md

@@ -73,6 +73,6 @@ In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the
     * For the later 2 options, hover to option in the settings to see a description
   * Cipher proposal:
     * Check *Enable custom proposals*
-    * IKE: `aes128gcm16-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_384-prfsha384-ecp256`
+    * IKE: `aes256gcm16-prfsha512-ecp384,aes256-sha2_512-prfsha512-ecp384,aes256-sha2_384-prfsha384-ecp384`
-    * ESP: `aes128gcm16-ecp256,aes128-sha2_512-prfsha512-ecp256`
+    * ESP: `aes256gcm16-ecp384,aes256-sha2_512-prfsha512-ecp384`
 * Apply and turn the connection on, you should now be connected

docs/client-windows.md

@@ -48,12 +48,12 @@ Add-VpnConnection @addVpnParams
 
 $setVpnParams = @{
     ConnectionName = $VpnName
-    AuthenticationTransformConstants = "GCMAES128"
+    AuthenticationTransformConstants = "GCMAES256"
-    CipherTransformConstants = "GCMAES128"
+    CipherTransformConstants = "GCMAES256"
-    EncryptionMethod = "AES128"
+    EncryptionMethod = "AES256"
     IntegrityCheckMethod = "SHA384"
-    DHGroup = "ECP256"
+    DHGroup = "ECP384"
-    PfsGroup = "ECP256"
+    PfsGroup = "ECP384"
     Force = $true
 }
 Set-VpnConnectionIPsecConfiguration @setVpnParams

roles/vpn/defaults/main.yml

@@ -25,8 +25,8 @@ strongswan_enabled_plugins:
 
 ciphers:
   defaults:
-    ike: aes128gcm16-prfsha512-ecp256!
+    ike: aes256gcm16-prfsha512-ecp384!
-    esp: aes128gcm16-ecp256!
+    esp: aes256gcm16-ecp384!
   compat:
-    ike: aes128gcm16-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_384-prfsha384-ecp256!
+    ike: aes256gcm16-prfsha512-ecp384,aes256-sha2_512-prfsha512-ecp384,aes256-sha2_384-prfsha384-ecp384!
-    esp: aes128gcm16-ecp256,aes128-sha2_512-prfsha512-ecp256!
+    esp: aes256gcm16-ecp384,aes256-sha2_512-prfsha512-ecp384!

roles/vpn/templates/client_windows.ps1.j2

@@ -169,12 +169,12 @@ function Add-AlgoVPN {
 
     $setVpnParams = @{
         ConnectionName = $VpnName
-        AuthenticationTransformConstants = "GCMAES128"
+        AuthenticationTransformConstants = "GCMAES256"
-        CipherTransformConstants = "GCMAES128"
+        CipherTransformConstants = "GCMAES256"
-        EncryptionMethod = "AES128"
+        EncryptionMethod = "AES256"
         IntegrityCheckMethod = "SHA384"
-        DHGroup = "ECP256"
+        DHGroup = "ECP384"
-        PfsGroup = "ECP256"
+        PfsGroup = "ECP384"
         Force = $true
     }
     Set-VpnConnectionIPsecConfiguration @setVpnParams

roles/vpn/templates/mobileconfig.j2

@@ -60,9 +60,9 @@
                 <key>ChildSecurityAssociationParameters</key>
                 <dict>
                     <key>DiffieHellmanGroup</key>
-                    <integer>19</integer>
+                    <integer>20</integer>
                     <key>EncryptionAlgorithm</key>
-                    <string>AES-128-GCM</string>
+                    <string>AES-256-GCM</string>
                     <key>IntegrityAlgorithm</key>
                     <string>SHA2-512</string>
                     <key>LifeTimeInMinutes</key>
@@ -81,9 +81,9 @@
                 <key>IKESecurityAssociationParameters</key>
                 <dict>
                     <key>DiffieHellmanGroup</key>
-                    <integer>19</integer>
+                    <integer>20</integer>
                     <key>EncryptionAlgorithm</key>
-                    <string>AES-128-GCM</string>
+                    <string>AES-256-GCM</string>
                     <key>IntegrityAlgorithm</key>
                     <string>SHA2-512</string>
                     <key>LifeTimeInMinutes</key>