Limitations restrictions or behavior changes
While Vyatta NOS does support IKEv1, we strongly recommend that IKEv2 is used to avoid security vulnerabilities associated with IKEv1, such as reflector and Amplifier DoS attacks.
Using IPsec with AES-GCM or AES-CBC
If using IPsec with AES-GCM or AES-CBC, the AES-NI processor/CPU feature must be enabled in the UEFI/BIOS, or in the hypervisor if using a virtual machine. Please consult the UEFI/BIOS configuration manual of your platform vendor for instructions on how to enable the AES-NI processor/CPU feature.