crypted Secure Payload) defines what cipher, hash and PFSGroup you wish to use for the connection.
Default: esp=aes
Examples:
# ONLY allow AES 256bit w/MD5 esp=!aes256-md5 # Prefer aes, 3des, blowfish in that order, but permit other combinations esp=aes,3des,blowfish # Only permit AES or 3DES with MD5 or SHA1 esp=!aes-md5,!aes-sha1,!3des-md5,!3des-sha1
