It’s hard to find a list of DH groups, so I compiled one (from template: https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites).
What I want to know is: is there an actual list of recommended IPsec parameters?
Like, I have an RB2011UiAS, which performs well till aes256-sha256-modp6144 (dh16); after that, the CPU goes to 100% and it times out in phase 1 (tried with Cisco and FortiGate).
Are there MikroTiks out there that can do ecp521?
What settings do you use?

| Keyword | DH Group | Modulus | Subgroup | Questionable Security | Group |
|---|---|---|---|---|---|
| modp768 | 1 | 768 bits | | broken | Regular Groups |
| modp1024 | 2 | 1024 bits | | broken | Regular Groups |
| ec2n155 | 3 | 155 bits | | questionable | Regular Groups |
| ec2n185 | 4 | 185 bits | | questionable | Regular Groups |
| modp1536 | 5 | 1536 bits | | questionable | Regular Groups |
| ec2n163 | 6 | 163 bits | | questionable | Regular Groups |
| ec2n163 | 7 | 163 bits | | questionable | Regular Groups |
| ec2n283 | 8 | 283 bits | | questionable | Regular Groups |
| ec2n283 | 9 | 283 bits | | questionable | Regular Groups |
| ec2n409 | 10 | 409 bits | | questionable | Regular Groups |
| ec2n409 | 11 | 409 bits | | questionable | Regular Groups |
| ec2n571 | 12 | 571 bits | | questionable | Regular Groups |
| ec2n571 | 13 | 571 bits | | questionable | Regular Groups |
| modp2048 | 14 | 2048 bits | | poor performance | Regular Groups |
| modp3072 | 15 | 3072 bits | | poor performance | Regular Groups |
| modp4096 | 16 | 4096 bits | | | Regular Groups |
| modp6144 | 17 | 6144 bits | | | Regular Groups |
| modp8192 | 18 | 8192 bits | | | Regular Groups |
| ecp256 | 19 | 256 bits | | | NIST EC Group |
| ecp384 | 20 | 384 bits | | | NIST EC Group |
| ecp521 | 21 | 521 bits | | | NIST EC Group |
| modp1024s160 | 22 | 1024 bits | 160 bits | questionable | ModPrime with Prime Order Sub |
| modp2048s224 | 23 | 2048 bits | 224 bits | questionable | ModPrime with Prime Order Sub |
| modp2048s256 | 24 | 2048 bits | 256 bits | questionable | ModPrime with Prime Order Sub |
| ecp192 | 25 | 192 bits | | | NIST EC Group |
| ecp224 | 26 | 224 bits | | | NIST EC Group |
| ecp224bp | 27 | 224 bits | | | Brainpool EC Group |
| ecp256bp | 28 | 256 bits | | | Brainpool EC Group |
| ecp384bp | 29 | 384 bits | | | Brainpool EC Group |
| ecp512bp | 30 | 512 bits | | | Brainpool EC Group |