• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

No Obvious Ipsec errors, but no connection either. Fortinet -> Pfsense Ipsec

Scheduled Pinned Locked Moved IPsec
4 Posts 4 Posters 4.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    geek00990
    last edited by Apr 26, 2018, 7:45 AM

    Trying to connect a pfsense firewall to fortinet firewall using ipsec.

    Sanitized IP addresses replaced by 1.1.1.1 (responder / destination) and 2.2.2.2 (initiator / source)

    I don't see any obvious IPsec errors, am I missing something?

    Error logs below:

    Apr 26 13:08:21	charon		08[NET] <con1000|80>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:08:21	charon		08[IKE] <con1000|80>sending retransmit 1 of response message ID 0, seq 1
Apr 26 13:08:17	charon		08[IKE] <con1000|80>queueing INFORMATIONAL_V1 request as tasks still active
Apr 26 13:08:17	charon		08[NET] <con1000|80>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (60 bytes)
Apr 26 13:08:17	charon		08[CFG] vici client 275 disconnected
Apr 26 13:08:17	charon		11[CFG] vici client 275 requests: list-sas
Apr 26 13:08:17	charon		10[CFG] vici client 275 registered for: list-sa
Apr 26 13:08:17	charon		11[CFG] vici client 275 connected
Apr 26 13:08:17	charon		10[NET] <con1000|80>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:08:17	charon		10[ENC] <con1000|80>generating AGGRESSIVE response 0 [ SA KE No ID V V V HASH ]
Apr 26 13:08:17	charon		10[IKE] <con1000|80>sending FRAGMENTATION vendor ID
Apr 26 13:08:17	charon		10[IKE] <con1000|80>sending DPD vendor ID
Apr 26 13:08:17	charon		10[IKE] <con1000|80>sending XAuth vendor ID
Apr 26 13:08:17	charon		10[CFG] <80> selected peer config "con1000"
Apr 26 13:08:17	charon		10[CFG] <80> candidate "con1000", match: 1/20/3100 (me/other/ike)
Apr 26 13:08:17	charon		10[CFG] <80> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Apr 26 13:08:17	charon		10[CFG] <80> looking for pre-shared key peer configs matching 2.2.2.2...1.1.1.1[1.1.1.1]
Apr 26 13:08:17	charon		10[CFG] <80> selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:08:17	charon		10[CFG] <80> configured proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:08:17	charon		10[CFG] <80> received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:08:17	charon		10[CFG] <80> proposal matches
Apr 26 13:08:17	charon		10[CFG] <80> selecting proposal:
Apr 26 13:08:17	charon		10[IKE] <80> IKE_SA (unnamed)[80] state change: CREATED => CONNECTING
Apr 26 13:08:17	charon		10[IKE] <80> 1.1.1.1is initiating a Aggressive Mode IKE_SA
Apr 26 13:08:17	charon		10[ENC] <80> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:01:43
Apr 26 13:08:17	charon		10[IKE] <80> received FRAGMENTATION vendor ID
Apr 26 13:08:17	charon		10[IKE] <80> received DPD vendor ID
Apr 26 13:08:17	charon		10[CFG] <80> found matching ike config: 2.2.2.2...1.1.1.1with prio 3100
Apr 26 13:08:17	charon		10[CFG] <80> candidate: 2.2.2.2...1.1.1.1, prio 3100
Apr 26 13:08:17	charon		10[CFG] <80> candidate: %any...%any, prio 24
Apr 26 13:08:17	charon		10[CFG] <80> looking for an ike config for 2.2.2.2...1.1.1.1
Apr 26 13:08:17	charon		10[ENC] <80> parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Apr 26 13:08:17	charon		10[NET] <80> received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:08:16	charon		10[IKE] <con1000|79>IKE_SA con1000[79] state change: CONNECTING => DESTROYING
Apr 26 13:08:16	charon		10[JOB] <con1000|79>deleting half open IKE_SA with 1.1.1.1after timeout
Apr 26 13:08:11	charon		11[CFG] vici client 274 disconnected
Apr 26 13:08:11	charon		14[CFG] vici client 274 requests: list-sas
Apr 26 13:08:11	charon		10[CFG] vici client 274 registered for: list-sa
Apr 26 13:08:11	charon		08[CFG] vici client 274 connected
Apr 26 13:08:10	charon		08[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:08:10	charon		08[IKE] <con1000|79>sending retransmit 3 of response message ID 0, seq 1
Apr 26 13:08:05	charon		08[CFG] vici client 273 disconnected
Apr 26 13:08:05	charon		14[CFG] vici client 273 requests: list-sas
Apr 26 13:08:05	charon		08[CFG] vici client 273 registered for: list-sa
Apr 26 13:08:05	charon		14[CFG] vici client 273 connected
Apr 26 13:08:04	charon		08[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:08:04	charon		08[IKE] <con1000|79>received retransmit of request with ID 0, retransmitting response
Apr 26 13:08:04	charon		08[NET] <con1000|79>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:59	charon		08[CFG] vici client 272 disconnected
Apr 26 13:07:59	charon		14[CFG] vici client 272 requests: list-sas
Apr 26 13:07:59	charon		15[CFG] vici client 272 registered for: list-sa
Apr 26 13:07:59	charon		15[CFG] vici client 272 connected
Apr 26 13:07:57	charon		08[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:57	charon		08[IKE] <con1000|79>sending retransmit 2 of response message ID 0, seq 1
Apr 26 13:07:53	charon		08[CFG] vici client 271 disconnected
Apr 26 13:07:53	charon		15[CFG] vici client 271 requests: list-sas
Apr 26 13:07:53	charon		14[CFG] vici client 271 registered for: list-sa
Apr 26 13:07:53	charon		08[CFG] vici client 271 connected
Apr 26 13:07:52	charon		07[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:52	charon		07[IKE] <con1000|79>received retransmit of request with ID 0, retransmitting response
Apr 26 13:07:52	charon		07[NET] <con1000|79>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:50	charon		07[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:50	charon		07[IKE] <con1000|79>sending retransmit 1 of response message ID 0, seq 1
Apr 26 13:07:47	charon		07[CFG] vici client 270 disconnected
Apr 26 13:07:47	charon		07[CFG] vici client 270 requests: list-sas
Apr 26 13:07:47	charon		08[CFG] vici client 270 registered for: list-sa
Apr 26 13:07:47	charon		07[CFG] vici client 270 connected
Apr 26 13:07:46	charon		07[IKE] <con1000|79>queueing INFORMATIONAL_V1 request as tasks still active
Apr 26 13:07:46	charon		07[NET] <con1000|79>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (60 bytes)
Apr 26 13:07:46	charon		05[NET] <con1000|79>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:46	charon		05[ENC] <con1000|79>generating AGGRESSIVE response 0 [ SA KE No ID V V V HASH ]
Apr 26 13:07:46	charon		05[IKE] <con1000|79>sending FRAGMENTATION vendor ID
Apr 26 13:07:46	charon		05[IKE] <con1000|79>sending DPD vendor ID
Apr 26 13:07:46	charon		05[IKE] <con1000|79>sending XAuth vendor ID
Apr 26 13:07:46	charon		05[CFG] <79> selected peer config "con1000"
Apr 26 13:07:46	charon		05[CFG] <79> candidate "con1000", match: 1/20/3100 (me/other/ike)
Apr 26 13:07:46	charon		05[CFG] <79> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Apr 26 13:07:46	charon		05[CFG] <79> looking for pre-shared key peer configs matching 2.2.2.2...1.1.1.1[1.1.1.1]
Apr 26 13:07:46	charon		05[CFG] <79> selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:46	charon		05[CFG] <79> configured proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:46	charon		05[CFG] <79> received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:46	charon		05[CFG] <79> proposal matches
Apr 26 13:07:46	charon		05[CFG] <79> selecting proposal:
Apr 26 13:07:46	charon		05[IKE] <79> IKE_SA (unnamed)[79] state change: CREATED => CONNECTING
Apr 26 13:07:46	charon		05[IKE] <79> 1.1.1.1is initiating a Aggressive Mode IKE_SA
Apr 26 13:07:46	charon		05[ENC] <79> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:01:43
Apr 26 13:07:46	charon		05[IKE] <79> received FRAGMENTATION vendor ID
Apr 26 13:07:46	charon		05[IKE] <79> received DPD vendor ID
Apr 26 13:07:46	charon		05[CFG] <79> found matching ike config: 2.2.2.2...1.1.1.1with prio 3100
Apr 26 13:07:46	charon		05[CFG] <79> candidate: 2.2.2.2...1.1.1.1, prio 3100
Apr 26 13:07:46	charon		05[CFG] <79> candidate: %any...%any, prio 24
Apr 26 13:07:46	charon		05[CFG] <79> looking for an ike config for 2.2.2.2...1.1.1.1
Apr 26 13:07:46	charon		05[ENC] <79> parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Apr 26 13:07:46	charon		05[NET] <79> received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:45	charon		05[IKE] <con1000|78>IKE_SA con1000[78] state change: CONNECTING => DESTROYING
Apr 26 13:07:45	charon		05[JOB] <con1000|78>deleting half open IKE_SA with 1.1.1.1after timeout
Apr 26 13:07:41	charon		05[CFG] vici client 269 disconnected
Apr 26 13:07:41	charon		07[CFG] vici client 269 requests: list-sas
Apr 26 13:07:41	charon		07[CFG] vici client 269 registered for: list-sa
Apr 26 13:07:41	charon		08[CFG] vici client 269 connected
Apr 26 13:07:39	charon		07[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:39	charon		07[IKE] <con1000|78>sending retransmit 3 of response message ID 0, seq 1
Apr 26 13:07:35	charon		16[CFG] vici client 268 disconnected
Apr 26 13:07:35	charon		07[CFG] vici client 268 requests: list-sas
Apr 26 13:07:35	charon		16[CFG] vici client 268 registered for: list-sa
Apr 26 13:07:35	charon		07[CFG] vici client 268 connected
Apr 26 13:07:33	charon		08[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:33	charon		08[IKE] <con1000|78>received retransmit of request with ID 0, retransmitting response
Apr 26 13:07:33	charon		08[NET] <con1000|78>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:29	charon		08[CFG] vici client 267 disconnected
Apr 26 13:07:29	charon		13[CFG] vici client 267 requests: list-sas
Apr 26 13:07:29	charon		07[CFG] vici client 267 registered for: list-sa
Apr 26 13:07:29	charon		13[CFG] vici client 267 connected
Apr 26 13:07:26	charon		08[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:26	charon		08[IKE] <con1000|78>sending retransmit 2 of response message ID 0, seq 1
Apr 26 13:07:23	charon		08[CFG] vici client 266 disconnected
Apr 26 13:07:23	charon		08[CFG] vici client 266 requests: list-sas
Apr 26 13:07:23	charon		06[CFG] vici client 266 registered for: list-sa
Apr 26 13:07:23	charon		08[CFG] vici client 266 connected
Apr 26 13:07:21	charon		13[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:21	charon		13[IKE] <con1000|78>received retransmit of request with ID 0, retransmitting response
Apr 26 13:07:21	charon		13[NET] <con1000|78>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:19	charon		13[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:19	charon		13[IKE] <con1000|78>sending retransmit 1 of response message ID 0, seq 1
Apr 26 13:07:17	charon		13[CFG] vici client 265 disconnected
Apr 26 13:07:17	charon		13[CFG] vici client 265 requests: list-sas
Apr 26 13:07:17	charon		12[CFG] vici client 265 registered for: list-sa
Apr 26 13:07:17	charon		13[CFG] vici client 265 connected
Apr 26 13:07:15	charon		13[IKE] <con1000|78>queueing INFORMATIONAL_V1 request as tasks still active
Apr 26 13:07:15	charon		13[NET] <con1000|78>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (60 bytes)
Apr 26 13:07:15	charon		13[NET] <con1000|78>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:15	charon		13[ENC] <con1000|78>generating AGGRESSIVE response 0 [ SA KE No ID V V V HASH ]
Apr 26 13:07:15	charon		13[IKE] <con1000|78>sending FRAGMENTATION vendor ID
Apr 26 13:07:15	charon		13[IKE] <con1000|78>sending DPD vendor ID
Apr 26 13:07:15	charon		13[IKE] <con1000|78>sending XAuth vendor ID
Apr 26 13:07:15	charon		13[CFG] <78> selected peer config "con1000"
Apr 26 13:07:15	charon		13[CFG] <78> candidate "con1000", match: 1/20/3100 (me/other/ike)
Apr 26 13:07:15	charon		13[CFG] <78> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Apr 26 13:07:15	charon		13[CFG] <78> looking for pre-shared key peer configs matching 2.2.2.2...1.1.1.1[1.1.1.1]
Apr 26 13:07:15	charon		13[CFG] <78> selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:15	charon		13[CFG] <78> configured proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:15	charon		13[CFG] <78> received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 26 13:07:15	charon		13[CFG] <78> proposal matches
Apr 26 13:07:15	charon		13[CFG] <78> selecting proposal:
Apr 26 13:07:15	charon		13[IKE] <78> IKE_SA (unnamed)[78] state change: CREATED => CONNECTING
Apr 26 13:07:15	charon		13[IKE] <78> 1.1.1.1is initiating a Aggressive Mode IKE_SA
Apr 26 13:07:15	charon		13[ENC] <78> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:01:43
Apr 26 13:07:15	charon		13[IKE] <78> received FRAGMENTATION vendor ID
Apr 26 13:07:15	charon		13[IKE] <78> received DPD vendor ID
Apr 26 13:07:15	charon		13[CFG] <78> found matching ike config: 2.2.2.2...1.1.1.1with prio 3100
Apr 26 13:07:15	charon		13[CFG] <78> candidate: 2.2.2.2...1.1.1.1, prio 3100
Apr 26 13:07:15	charon		13[CFG] <78> candidate: %any...%any, prio 24
Apr 26 13:07:15	charon		13[CFG] <78> looking for an ike config for 2.2.2.2...1.1.1.1
Apr 26 13:07:15	charon		13[ENC] <78> parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Apr 26 13:07:15	charon		13[NET] <78> received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)
Apr 26 13:07:14	charon		13[IKE] <con1000|77>IKE_SA con1000[77] state change: CONNECTING => DESTROYING
Apr 26 13:07:14	charon		13[JOB] <con1000|77>deleting half open IKE_SA with 1.1.1.1after timeout
Apr 26 13:07:11	charon		13[CFG] vici client 264 disconnected
Apr 26 13:07:11	charon		13[CFG] vici client 264 requests: list-sas
Apr 26 13:07:11	charon		12[CFG] vici client 264 registered for: list-sa
Apr 26 13:07:11	charon		11[CFG] vici client 264 connected
Apr 26 13:07:08	charon		13[NET] <con1000|77>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:08	charon		13[IKE] <con1000|77>sending retransmit 3 of response message ID 0, seq 1
Apr 26 13:07:05	charon		13[CFG] vici client 263 disconnected
Apr 26 13:07:05	charon		11[CFG] vici client 263 requests: list-sas
Apr 26 13:07:05	charon		11[CFG] vici client 263 registered for: list-sa
Apr 26 13:07:05	charon		11[CFG] vici client 263 connected
Apr 26 13:07:02	charon		10[NET] <con1000|77>sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (336 bytes)
Apr 26 13:07:02	charon		10[IKE] <con1000|77>received retransmit of request with ID 0, retransmitting response
Apr 26 13:07:02	charon		10[NET] <con1000|77>received packet: from 1.1.1.1[500] to 2.2.2.2[500] (304 bytes)</con1000|77></con1000|77></con1000|77></con1000|77></con1000|77></con1000|77></con1000|77></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|78></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|79></con1000|80></con1000|80></con1000|80></con1000|80></con1000|80></con1000|80></con1000|80></con1000|80></con1000|80>
    1 Reply Last reply Reply Quote 0
    • R
      Ramsez
      last edited by May 31, 2018, 5:42 PM

      I have the exact same problem. I also see 2 entries in pfsense's IPsec status, one responder and the other initiator, never seen that before. I've configured my connection to be only responder and there's still no change.
      Logs on Fortinet show that negociation for phase 1 is successful but, not connecting.

      Hope someone has an idea/fix. Restarting service or pfsense, didn't change anything.

      1 Reply Last reply Reply Quote 0
      • G
        gerdesj
        last edited by Jun 29, 2018, 2:37 PM

        I have IPSEC working very reliably between Fortinet and pfSense. Here are some notes:

        I have set a Maximum MMS on the pfSense end (IPSEC -> Advanced) mine is currently 1390.

        I use MAIN mode, I can see AGGRESSIVE mode mentioned in your log. I also use IKEv2 not v1. Also, if you have multiple P2s then tick "Split Connections".

        If you use CARP then ensure you are not outbound NATting your IPSEC traffic.

        DPD is enabled.

        I also once "fixed" a problem with a reboot at both ends.

        1 Reply Last reply Reply Quote 1
        • P
          phildrum11
          last edited by phildrum11 Oct 11, 2021, 8:05 AM Oct 11, 2021, 8:04 AM

          Bonjour,
          je rencontre actuellement le meme probleme entre un pfsense et un fortinet. J'ai appliqué les propositions de gerdesj (hormis le reboot coté fortinet).
          Pour le moment le probleme persiste.
          Si quelqu'un a une idée.
          Merci

          Hello,
          I currently encounter the same problem between a pfsense and a fortinet. I applied the proposals of gerdesj (apart from the reboot on the fortinet side).
          For the moment the problem persists.
          If someone has an idea.
          Thank you

          Oct 11 09:46:30 charon 55488 06[NET] <con100000|1> sending packet: from 10.10.10.254[500] to 84.14.183.243[500] (336 bytes)
          Oct 11 09:46:30 charon 55488 06[IKE] <con100000|1> retransmit 1 of request with message ID 0
          Oct 11 09:46:30 charon 55488 06[CFG] ignoring acquire, connection attempt pending
          Oct 11 09:46:30 charon 55488 06[KNL] creating acquire job for policy 10.10.10.254/32|/0 === 84.14.183.243/32|/0 with reqid {1}
          Oct 11 09:46:29 charon 55488 06[CFG] ignoring acquire, connection attempt pending
          Oct 11 09:46:29 charon 55488 06[KNL] creating acquire job for policy 10.10.10.254/32|/0 === 84.14.183.243/32|/0 with reqid {1}
          Oct 11 09:46:28 charon 55488 07[CFG] vici client 2 disconnected
          Oct 11 09:46:28 charon 55488 07[CFG] vici client 2 requests: list-sas
          Oct 11 09:46:28 charon 55488 07[CFG] vici client 2 registered for: list-sa
          Oct 11 09:46:28 charon 55488 07[CFG] vici client 2 connected
          Oct 11 09:46:26 charon 55488 06[NET] <con100000|1> sending packet: from 10.10.10.254[500] to 84.14.183.243[500] (336 bytes)
          Oct 11 09:46:26 charon 55488 06[ENC] <con100000|1> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
          Oct 11 09:46:26 charon 55488 06[CFG] <con100000|1> sending supported signature hash algorithms: sha256 sha384 sha512 identity
          Oct 11 09:46:26 charon 55488 06[CFG] <con100000|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
          Oct 11 09:46:26 charon 55488 06[IKE] <con100000|1> IKE_SA con100000[1] state change: CREATED => CONNECTING

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received