Bug #10734

closed

PFsense don't use wrong proposals

Added by DeeZ A almost 4 years ago. Updated about 3 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 07/06/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture: amd64

Description

Hello.

I use pfSense + MikroTik.

Configured IPSec (v1):
phase 1 int L2TP 10.100.0.132 main 3DES SHA1 2 (1024 bit)
phase 2 tunnel 192.168.10.0/24 192.168.0.0/24 ESP 3DES SHA1 2 (1024 bit)

But in the logs I see that pfSense is selecting the wrong proposals and IPsec doesn't work:

Jul 7 08:17:50     charon         13[CFG] <1> selecting proposal:
Jul 7 08:17:50     charon         13[CFG] <1> no acceptable DIFFIE_HELLMAN_GROUP found
Jul 7 08:17:50     charon         13[CFG] <1> selecting proposal:
Jul 7 08:17:50     charon         13[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found
Jul 7 08:17:50     charon         13[CFG] <1> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 7 08:17:50     charon         13[CFG] <1> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 

2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
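
As an added example (not part of the ticket, and not pfSense or strongSwan code): a small parser for the `received proposals` / `configured proposals` log lines above that reports, for each configured proposal, the first transform type with no algorithm in common with the peer's offer. The sample log is constructed from the ticket's lines with the configured lists abridged; the prefix-based classification and the check order are assumptions modelled on the log output.

```python
import re

# Check order is an assumption modelled on the failures shown in the log.
ORDER = ["ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION",
         "INTEGRITY_ALGORITHM", "DIFFIE_HELLMAN_GROUP"]

def classify(name):
    """Map an algorithm name to its transform type by prefix (assumption)."""
    if name.startswith("PRF_"):
        return "PSEUDO_RANDOM_FUNCTION"
    if name.startswith(("HMAC_", "AES_XCBC_", "AES_CMAC_")):
        return "INTEGRITY_ALGORITHM"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "DIFFIE_HELLMAN_GROUP"
    return "ENCRYPTION_ALGORITHM"

def parse_proposals(line, label):
    """Parse '<label> proposals: IKE:a/b, IKE:c/d' into [{type: {names}}]."""
    m = re.search(label + r" proposals: (.*)", line)
    if not m:
        return None
    proposals = []
    for chunk in m.group(1).split(","):
        _, _, algs = chunk.strip().partition(":")
        by_type = {t: set() for t in ORDER}
        for name in filter(None, algs.split("/")):
            by_type[classify(name)].add(name)
        proposals.append(by_type)
    return proposals

def first_mismatch(received, configured):
    """First transform type with no common algorithm, or None on a match."""
    for t in ORDER:
        if not received[t] and not configured[t]:
            continue  # e.g. AEAD proposals list no integrity algorithm
        if not received[t] & configured[t]:
            return t
    return None

def diagnose(log_lines):
    """One result per (received, configured) proposal pair, in log order."""
    received = configured = None
    for line in log_lines:
        received = parse_proposals(line, "received") or received
        configured = parse_proposals(line, "configured") or configured
    return [first_mismatch(r, c) for r in received or [] for c in configured or []]

# Constructed sample: the ticket's log lines, with the configured lists abridged.
SAMPLE_LOG = [
    "charon 13[CFG] <1> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024",
    "charon 13[CFG] <1> configured proposals: IKE:AES_CBC_128/3DES_CBC/HMAC_SHA2_256_128/"
    "HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/ECP_256/MODP_2048, "
    "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/ECP_256/MODP_2048",
]
print(diagnose(SAMPLE_LOG))
```

On the sample, the first configured proposal fails on the DH group (MODP_1024 is not in its list) and the second, AEAD-only proposal fails on encryption, the same two messages and order as in the log above.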
