Brainpool curves in IKEv2 IPsec VPN
This recipe demonstrates how to establish a more secure IPsec VPN tunnel using high-level “Brainpool curves” for greater encryption, as specified in RFC 6954.
Such high-level cryptography improves the confidentiality, authenticity, and integrity of an IKEv2 IPsec VPN tunnel, which is typically limited by the weakest cryptographic primitive applied to the tunnel.
This recipe assumes that a VPN user group already exists. The example is demonstrated with a site-to-site IPsec VPN tunnel between an ‘HQ’ FortiGate and a ‘Remote Office’ FortiGate.