Draytek modem and Netgate IPsec problem



  • Hello,

    The Netgate device we are using at the center has changed from 2.2.x to 2.3.5. The IPsec (site-to-site VPN) connection configured between the branches could not be connected after the update was made. When I check pfSense, I get this warning: “PHP ERROR: Type: 1, File: /etc/inc/config.lib.inc, Line: 982, Message: Call to undefined function pfSense_fsync .DES is no longer supported, IPsec phase 2 item 'Ankara Phase 2' is being disabled.” We use Draytek Vigor 2820 and Vigor 2760 modems in the branches. What algorithm and settings can I use to connect these devices? Thank you in advance for your help.


  • Rebel Alliance Developer Netgate

    That's up to what the Draytek supports. DES has been broken for ages, it should never have been in use in a modern environment. If the Draytek supports AES-128 or better, use that. Failing that, at least use 3DES.
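
Added example, not part of the thread and not pfSense's own code: a pre-upgrade audit that reads a pfSense `config.xml` backup and reports which IPsec phase 2 entries still propose DES, so they can be moved to AES or 3DES on both ends first. The element names (`ipsec/phase2`, `encryption-algorithm-option`, `name`, `descr`) are assumed from the pfSense 2.x config layout, and the sample config and the verdict labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the <ipsec> section of a pfSense
# config.xml backup (element names are an assumption, see lead-in).
SAMPLE_CONFIG = """<pfsense>
  <ipsec>
    <phase2>
      <descr>Ankara Phase 2</descr>
      <encryption-algorithm-option><name>des</name></encryption-algorithm-option>
    </phase2>
    <phase2>
      <descr>Branch B Phase 2</descr>
      <encryption-algorithm-option><name>des</name></encryption-algorithm-option>
      <encryption-algorithm-option><name>3des</name></encryption-algorithm-option>
    </phase2>
    <phase2>
      <descr>Branch C Phase 2</descr>
      <encryption-algorithm-option><name>aes</name><keylen>128</keylen></encryption-algorithm-option>
    </phase2>
  </ipsec>
</pfsense>"""


def audit_phase2(config_xml):
    """Return {description: verdict} for every IPsec phase 2 entry."""
    root = ET.fromstring(config_xml)
    report = {}
    for index, p2 in enumerate(root.findall("./ipsec/phase2")):
        descr = (p2.findtext("descr") or "").strip() or f"phase2 #{index}"
        algos = [(opt.findtext("name") or "").strip().lower()
                 for opt in p2.findall("encryption-algorithm-option")]
        if "des" not in algos:
            # "3des" is a distinct name, so it does not match "des" here.
            verdict = "offers-3des" if "3des" in algos else "ok"
        elif all(a == "des" for a in algos):
            verdict = "des-only"      # no other proposal left once DES is dropped
        else:
            verdict = "des-offered"   # remove DES, keep the stronger proposals
        report[descr] = verdict
    return report


if __name__ == "__main__":
    for name, verdict in audit_phase2(SAMPLE_CONFIG).items():
        print(f"{verdict:12} {name}")
```

Entries reported as `des-only` are the ones that need a new algorithm agreed with the remote device before the upgrade.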