config vpn ipsec phase1-interface
    edit "DialUp_strongswan"
        set interface "wan1"
        set dhgrp 2
        set proposal aes256-sha1
        set localid "publicfqdn.mydomain.com"
        set remote-gw <public-ip-strongswan>
        set psksecret ****
    next
end

Phase2
config vpn ipsec phase2-interface
    edit "VPN_StrongSwan"
        set dst-addr-type ip
        set keepalive enable
        set phase1name "DialUp_strongswan"
        set proposal 3des-sha1 3des-md5
        set dhgrp 2
        set dst-start-ip 10.177.177.2
        set src-subnet 192.168.160.0 255.255.252.0
    next
end

Strongswan: Ipsec.conf
config setup
    charondebug="dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 3, knl 2, net 2, enc 1, lib 1"

# Sample VPN connections
conn Fortigate
    auto=start
    left=<public-ip-strongswan>
    leftsubnet=10.177.177.2/255.255.255.255
    right=%any
    rightsubnet=192.168.160.0/22
    compress=no
    #pfs=yes
    esp=3des-modp1024
    #auth=esp
    authby=secret
    keyingtries=%forever

ipsec.secret

<public-ip-strongswan> %any : PSK "****"
ike 7:DialUp_strongswan:16514: out 33A1A643AE381A9800000000000000000110020000000000000000F40D00003800000001000000010000002C010100010000002401010000800B0001800C708080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE000402B1
ike 7:DialUp_strongswan:16514: sent IKE msg (P1_RETRANSMIT): <FG-int-IP>:500-><StrongSwan-ext-IP>:500, len=244, id=33a1a643ae381a98/0000000000000000
ike 7:DialUp_strongswan:16514: negotiation timeout, deleting
ike 7:DialUp_strongswan: connection expiring due to phase1 down
ike 7:DialUp_strongswan: deleting
ike 7:DialUp_strongswan: flushing
ike 7:DialUp_strongswan: flushed
ike 7:DialUp_strongswan: deleted
ike 7:DialUp_strongswan: schedule auto-negotiate
ike 7:DialUp_strongswan: auto-negotiate connection
ike 7:DialUp_strongswan: created connection: 0x99a3ec8 45 <FG-int-IP>-><StrongSwan-ext-IP>:500.
ike 7:DialUp_strongswan:16515: initiator: main mode is sending 1st message...
ike 7:DialUp_strongswan:16515: cookie 7c6c13c3406dd63b/0000000000000000
ike 7:DialUp_strongswan:16515: out 7C6C13C3406DD63B00000000000000000110020000000000000000F40D00003800000001000000010000002C010100010000002401010000800B0001800C708080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE000402B1
ike 7:DialUp_strongswan:16515: sent IKE msg (ident_i1send): <FG-int-IP>:500-><StrongSwan-ext-IP>:500, len=244, id=7c6c13c3406dd63b/0000000000000000
ike 7:DialUp_strongswan:16515: out 7C6C13C3406DD63B00000000000000000110020000000000000000F40D00003800000001000000010000002C010100010000002401010000800B0001800C708080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE000402B1
ike 7:DialUp_strongswan:16515: sent IKE msg (P1_RETRANSMIT): <FG-int-IP>:500-><StrongSwan-ext-IP>:500, len=244, id=7c6c13c3406dd63b/0000000000000000

StrongSwan@Ubuntu:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/ECP_256/ECP_384/ECP_521/MODP_1024_160/MODP_2048_224/MODP_2048_256/ECP_192/ECP_224/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Oct 6 20:06:05 Ubuntu charon: 15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 6 20:06:05 Ubuntu charon: 15[IKE] sending XAuth vendor ID
Oct 6 20:06:05 Ubuntu charon: 15[IKE] sending DPD vendor ID
Oct 6 20:06:05 Ubuntu charon: 15[IKE] sending NAT-T (RFC 3947) vendor ID
Oct 6 20:06:05 Ubuntu charon: 15[ENC] generating ID_PROT response 0 [ SA V V V ]
Oct 6 20:06:05 Ubuntu charon: 15[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489] (136 bytes)
Oct 6 20:06:05 Ubuntu charon: 10[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489]
Oct 6 20:06:11 Ubuntu charon: 09[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500]
Oct 6 20:06:11 Ubuntu charon: 09[NET] waiting for data on sockets
Oct 6 20:06:11 Ubuntu charon: 16[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500] (244 bytes)
Oct 6 20:06:11 Ubuntu charon: 16[IKE] received retransmit of request with ID 0, retransmitting response
Oct 6 20:06:11 Ubuntu charon: 16[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489] (136 bytes)
Oct 6 20:06:11 Ubuntu charon: 10[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489]
Oct 6 20:06:23 Ubuntu charon: 09[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500]
Oct 6 20:06:23 Ubuntu charon: 09[NET] waiting for data on sockets
Oct 6 20:06:23 Ubuntu charon: 06[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500] (244 bytes)
Oct 6 20:06:23 Ubuntu charon: 06[IKE] received retransmit of request with ID 0, retransmitting response
Oct 6 20:06:23 Ubuntu charon: 06[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489] (136 bytes)
Oct 6 20:06:23 Ubuntu charon: 10[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489]
Oct 6 20:06:35 Ubuntu charon: 05[JOB] deleting half open IKE_SA after timeout
Oct 6 20:06:35 Ubuntu charon: 05[IKE] IKE_SA (unnamed)[2] state change: CONNECTING => DESTROYING
Oct 6 20:06:36 Ubuntu charon: 09[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500]
Oct 6 20:06:36 Ubuntu charon: 09[NET] waiting for data on sockets
Oct 6 20:06:36 Ubuntu charon: 04[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500] (244 bytes)
Oct 6 20:06:36 Ubuntu charon: 04[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Oct 6 20:06:36 Ubuntu charon: 04[CFG] looking for an ike config for <StrongSwan-ext-IP>...<FortiGate-ext-IP>
Oct 6 20:06:36 Ubuntu charon: 04[CFG] ike config match: 1048 (<StrongSwan-ext-IP> <FortiGate-ext-IP> IKEv1)
Oct 6 20:06:36 Ubuntu charon: 04[CFG] candidate: <StrongSwan-ext-IP>...%any, prio 1048
Oct 6 20:06:36 Ubuntu charon: 04[CFG] found matching ike config: <StrongSwan-ext-IP>...%any with prio 1048
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received NAT-T (RFC 3947) vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] received DPD vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:04:02:b1
Oct 6 20:06:36 Ubuntu charon: 04[IKE] <FortiGate-ext-IP> is initiating a Main Mode IKE_SA
Oct 6 20:06:36 Ubuntu charon: 04[IKE] IKE_SA (unnamed)[3] state change: CREATED => CONNECTING
Oct 6 20:06:36 Ubuntu charon: 04[CFG] selecting proposal:
Oct 6 20:06:36 Ubuntu charon: 04[CFG] no acceptable ENCRYPTION_ALGORITHM found
Oct 6 20:06:36 Ubuntu charon: 04[CFG] selecting proposal:
Oct 6 20:06:36 Ubuntu charon: 04[CFG] no acceptable ENCRYPTION_ALGORITHM found
Oct 6 20:06:36 Ubuntu charon: 04[CFG] selecting proposal:
Oct 6 20:06:36 Ubuntu charon: 04[CFG] proposal matches
Oct 6 20:06:36 Ubuntu charon: 04[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 6 20:06:36 Ubuntu charon: 04[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/ECP_256/ECP_384/ECP_521/MODP_1024_160/MODP_2048_224/MODP_2048_256/ECP_192/ECP_224/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Oct 6 20:06:36 Ubuntu charon: 04[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 6 20:06:36 Ubuntu charon: 04[IKE] sending XAuth vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] sending DPD vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[IKE] sending NAT-T (RFC 3947) vendor ID
Oct 6 20:06:36 Ubuntu charon: 04[ENC] generating ID_PROT response 0 [ SA V V V ]
Oct 6 20:06:36 Ubuntu charon: 04[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489] (136 bytes)
Oct 6 20:06:36 Ubuntu charon: 10[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489]
Oct 6 20:06:42 Ubuntu charon: 09[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500]
Oct 6 20:06:42 Ubuntu charon: 09[NET] waiting for data on sockets
Oct 6 20:06:42 Ubuntu charon: 03[NET] received packet: from <FortiGate-ext-IP>[63489] to <StrongSwan-ext-IP>[500] (244 bytes)
Oct 6 20:06:42 Ubuntu charon: 03[IKE] received retransmit of request with ID 0, retransmitting response
Oct 6 20:06:42 Ubuntu charon: 03[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489] (136 bytes)
Oct 6 20:06:42 Ubuntu charon: 10[NET] sending packet: from <StrongSwan-ext-IP>[500] to <FortiGate-ext-IP>[63489]
PCNSE
NSE
StrongSwan
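The responder-side pattern in the strongSwan log above (a proposal is selected, then the same first message keeps arriving until the half-open IKE_SA is deleted) can be checked mechanically. The script below is an added example, not part of the thread or of either product; the function names and the sample log with documentation-range addresses are constructed for illustration, and the KE-payload pattern assumes charon's usual payload listing for Main Mode message 3.

```python
import re

# Constructed sample in the shape of the charon lines quoted in the thread;
# the addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Oct 6 20:06:36 Ubuntu charon: 04[NET] received packet: from 198.51.100.20[63489] to 192.0.2.10[500] (244 bytes)
Oct 6 20:06:36 Ubuntu charon: 04[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Oct 6 20:06:36 Ubuntu charon: 04[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 6 20:06:36 Ubuntu charon: 04[ENC] generating ID_PROT response 0 [ SA V V V ]
Oct 6 20:06:36 Ubuntu charon: 04[NET] sending packet: from 192.0.2.10[500] to 198.51.100.20[63489] (136 bytes)
Oct 6 20:06:42 Ubuntu charon: 03[IKE] received retransmit of request with ID 0, retransmitting response
Oct 6 20:06:54 Ubuntu charon: 06[IKE] received retransmit of request with ID 0, retransmitting response
Oct 6 20:07:06 Ubuntu charon: 05[JOB] deleting half open IKE_SA after timeout
"""

PATTERNS = {
    "selected": re.compile(r"\[CFG\] selected proposal: (\S+)"),
    "retransmit": re.compile(r"\[IKE\] received retransmit of request"),
    "half_open": re.compile(r"\[JOB\] deleting half open IKE_SA after timeout"),
    # Assumption: Main Mode message 3 is logged with a KE payload first; seeing
    # it means the initiator received and accepted the responder's SA reply.
    "key_exchange": re.compile(r"\[ENC\] parsed ID_PROT request \d+ \[ KE\b"),
    "peer_port": re.compile(r"\[NET\] received packet: from \S+\[(\d+)\] to "),
}

def summarize(log_text):
    """Count the phase 1 milestones visible in a charon log excerpt."""
    s = {"selected": [], "retransmit": 0, "half_open": 0,
         "key_exchange": 0, "peer_ports": set()}
    for line in log_text.splitlines():
        if m := PATTERNS["selected"].search(line):
            s["selected"].append(m.group(1))
        elif m := PATTERNS["peer_port"].search(line):
            s["peer_ports"].add(int(m.group(1)))
        else:
            for key in ("retransmit", "half_open", "key_exchange"):
                if PATTERNS[key].search(line):
                    s[key] += 1
    return s

def diagnose(s):
    """Map the counters to short notes for the operator."""
    notes = []
    if not s["selected"]:
        notes.append("no IKE proposal was selected: compare the phase 1 proposals")
    elif s["key_exchange"] == 0 and (s["retransmit"] or s["half_open"]):
        notes.append("proposal accepted but the initiator keeps resending message 1: "
                     "the SA reply is lost or dropped, check the return path")
    if s["peer_ports"] - {500, 4500}:
        notes.append("peer source port is translated: a NAT device sits in the path")
    return notes

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE_LOG)))
```

Feed it the charon lines from syslog; placeholder addresses such as `<FortiGate-ext-IP>[63489]` in the thread's excerpts match the same patterns.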
config vpn ipsec phase1-interface
    edit "DialUp_strongswan"
        set interface "wan1"
        set dhgrp 14
        set proposal 3des-sha1
        set dpd disable
        set remote-gw <public-ip-strongswan>
        set psksecret ENC ****
    next
end
config vpn ipsec phase2-interface
    edit "VPN_StrongSwan"
        set auto-negotiate enable
        set dst-addr-type ip
        set keepalive enable
        set pfs disable
        set phase1name "DialUp_strongswan"
        set proposal aes128-sha1
        set replay disable
        set dst-start-ip 10.177.177.2
        set keylifeseconds 3600
        set src-subnet 192.168.160.0 255.255.252.0
    next
end

Config@StrongSwan
conn Fortigate
    type=tunnel
    authby=secret
    keyexchange=ikev1
    auto=start
    # ike=aes128-sha1;modp1024!
    ike=3des-sha1-modp2048
    left=<public-ip-strongswan>
    leftsubnet=10.177.177.2/255.255.255.255
    right=%any
    rightsubnet=192.168.160.0/22
    compress=no
    # pfs=no
    esp=aes128-sha1
    #auth=esp
    keyingtries=%forever

Debug@Fortigate
ike 5:DialUp_strongswan:VPN_StrongSwan: IPsec SA connect 35 10.255.0.2-><public-ip-strongswan> :500 negotiating
ike 5:DialUp_strongswan:1769:VPN_StrongSwan:1769: ISAKMP SA still negotiating, queuing quick-mode request
ike 5:DialUp_strongswan:1769: out 010E2734A424931200000000000000000110020000000000000000F00D000034000000010000000100000028010100010000002001010000800B0001800C70808001000580030001800200028004000E0D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE000402B1
ike 5:DialUp_strongswan:1769: sent IKE msg (P1_RETRANSMIT): 10.255.0.2:500-><public-ip-strongswan> :500, len=240, id=010e2734a4249312/0000000000000000
ike 5:DialUp_strongswan:VPN_StrongSwan: IPsec SA connect 35 10.255.0.2-><public-ip-strongswan> :500
ike 5:DialUp_strongswan:VPN_StrongSwan: using existing connection
ike 5:DialUp_strongswan:VPN_StrongSwan: config found
ike 5:DialUp_strongswan:VPN_StrongSwan: IPsec SA connect 35 10.255.0.2-><public-ip-strongswan> :500
ike 5:DialUp_strongswan:VPN_StrongSwan: using existing connection
ike 5:DialUp_strongswan:VPN_StrongSwan: config found

Debug@StrongSwan
Oct 11 12:50:45 hetz02 charon: 11[IKE] IKE_SA (unnamed)[10176] state change: CONNECTING => DESTROYING
Oct 11 12:50:46 hetz02 charon: 09[NET] received packet: from <public-ip-FortiGate>[61567] to <public-ip-strongswan> [500]
Oct 11 12:50:46 hetz02 charon: 15[NET] received packet: from <public-ip-FortiGate>[61567] to <public-ip-strongswan> [500] (240 bytes)
Oct 11 12:50:46 hetz02 charon: 15[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Oct 11 12:50:46 hetz02 charon: 15[CFG] looking for an ike config for <public-ip-strongswan> ...<public-ip-FortiGate>
Oct 11 12:50:46 hetz02 charon: 15[CFG] ike config match: 1052 (<public-ip-strongswan> <public-ip-FortiGate> IKEv1)
Oct 11 12:50:46 hetz02 charon: 15[CFG] candidate: <public-ip-strongswan> ...%any, prio 1052
Oct 11 12:50:46 hetz02 charon: 15[CFG] found matching ike config: <public-ip-strongswan> ...%any with prio 1052
Oct 11 12:50:46 hetz02 charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 11 12:50:46 hetz02 charon: 15[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Oct 11 12:50:46 hetz02 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] received DPD vendor ID
Oct 11 12:50:46 hetz02 charon: 15[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:04:02:b1
Oct 11 12:50:46 hetz02 charon: 15[IKE] <public-ip-FortiGate> is initiating a Main Mode IKE_SA
Oct 11 12:50:46 hetz02 charon: 15[IKE] IKE_SA (unnamed)[10177] state change: CREATED => CONNECTING
Oct 11 12:50:46 hetz02 charon: 15[CFG] selecting proposal:
Oct 11 12:50:46 hetz02 charon: 15[CFG] proposal matches
Oct 11 12:50:46 hetz02 charon: 15[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 11 12:50:46 hetz02 charon: 15[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/ECP_256/ECP_384/ECP_521/MODP_1024_160/MODP_2048_224/MODP_2048_256/ECP_192/ECP_224/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Oct 11 12:50:46 hetz02 charon: 15[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 11 12:50:46 hetz02 charon: 15[IKE] sending XAuth vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] sending DPD vendor ID
Oct 11 12:50:46 hetz02 charon: 15[IKE] sending NAT-T (RFC 3947) vendor ID
Oct 11 12:50:46 hetz02 charon: 15[ENC] generating ID_PROT response 0 [ SA V V V ]
Oct 11 12:50:46 hetz02 charon: 15[NET] sending packet: from <public-ip-strongswan> [500] to <public-ip-FortiGate>[61567] (132 bytes)
Oct 11 12:50:46 hetz02 charon: 10[NET] sending packet: from <public-ip-strongswan> [500] to <public-ip-FortiGate>[61567]
Oct 11 12:50:46 hetz02 charon: 09[NET] waiting for data on sockets
PCNSE
NSE
StrongSwan
I'm currently trying to get this to work, would it be possible for you to post your working configurations?
help, no internet after the creation of the tunnel