ISAKMP exchange type Base (1)

neerav

Hi all

is there any option to configure ISAKMP exchange type as Base (1) option in the pfSense?
I have to connect to a VPN server which supports ISAKMP exchange type as Base (1) as we have the client machine ready which supports only this option of isakmp….

jimp

It looks like racoon does support that, I'm not sure why we don't offer it as an option.

From racoon.conf(5)

exchange_mode (main | aggressive | base);
                    Defines the exchange mode for phase 1 when racoon is the
                    initiator.  It also means the acceptable exchange mode
                    when racoon is the responder.  More than one mode can be
                    specified by separating them with a comma.  All of the
                    modes are acceptable.  The first exchange mode is what
                    racoon uses when it is the initiator.

Edit /usr/local/www/vpn_ipsec_phase1.php, and on line 631, change this:

$modes = array("main","aggressive");

To this:

$modes = array("main","aggressive","base");

Then it should be an option in the GUI

jimp

Or install the System Patches package and apply the following patch:

https://github.com/bsdperimeter/pfsense/commit/d5d1554278233af6817d14a5a33444e2fdb7f1b9