[pfSense] IPSec Bug?

Roland Giesler Tue, 24 Jan 2017 09:42:03 -0800

We've battled all afternoon to establish an IPSec site-to-site connection.
Here's what happens:


TimeProcessPIDMessage
Jan 17 15:58:53 charon 05[NET] <197> sending packet: from
129.232.232.130[500] to 105.27.116.62[500] (56 bytes)
Jan 17 15:58:53 charon 05[ENC] <197> generating INFORMATIONAL_V1 request
2809641300 [ N(NO_PROP) ]
Jan 17 15:58:53 charon 05[IKE] <197> no proposal found
Jan 17 15:58:53 charon 05[CFG] <197> configured proposals:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024
Jan 17 15:58:53 charon 05[CFG] <197> received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Jan 17 15:58:53 charon 05[IKE] <197> 105.27.116.62 is initiating a
Aggressive Mode IKE_SA

The strange thing is that I have set 3DES and SHA1 to in my setup, yet it
is not being offered.  I have also test quite a few other like AES 265 and
SHA2, but they are also not offered.  The other side (SonicWall) is
offering what we set mutually.

Is this a bug?  If now, how to I force pfSense to behave and start using
the settings I set.

IPSec IKE V2 with pre-shared key.

I'm running 2.3.2_1

Anyone that has seen this?

regards


Roland Giesler
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] IPSec Bug?

Reply via email to