Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected - pfSense Packages - pfSense bugtracker

Bug #13368

The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it: 

 AES256-GCM | 128 bits | SHA384 | 20 (nist ecp384) 
 > Phase 1 DH Group unsupported by this client. Supported values are (1, 2, 14, 19, 20, 24) 

 Switching the Algorithm from @AES256-GCM@ to @AES@ allows the wizard to export a profile. 
 

 Additionally, the @DestinationPrefix@ parameter for @Add-VpnConnectionRoute@ does not accept @0.0.0.0/0@, hence the command will fail when the P2 includes that as the local network. This command is meant for split tunneling and should not be included when the P2 local network is @0.0.0.0/0@.

Back

Project

General

Profile

pfSense » pfSense Packages

Bug #13368