Hi, > I am not able to establish a connection with the Android app yet and so > have no proposed ciphers in my log.
Did you check the server log? > I infer that which ciphers are supported by the app depend on the > Android kernel, at least for encryption. No, IPsec is handled completely in userland by libipsec on Android. > How would I find out which > ones these are, currently? The default ESP proposal can be found in the source [1]. Which other algorithms are usable depends on the enabled plugins and the algorithms supported by the used version of OpenSSL/BoringSSL (you can check the IKE proposals, which include all supported algorithms that are not too weak). > PFS must be manually enabled, but which levels are currently supported > in the app? Don't know what you mean with levels. But you don't have to enable PFS manually (unless you refer to the server config, where you do have to configure DH groups), see default proposals above. > And is any form of ntru supported for encryption or key > exchange in the Android app? No. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c;h=806375c2f7152be6503f3239d3a34edbd8c47f6b;hb=HEAD#l834