strongSwan IPsec client (working fine on Fatdog64)
Posted: Sat 21 Jan 2012, 19:13
From my tests on Ubuntu 11.10 strongSwan - http://www.strongswan.org/
is the only IPsec client that works fine connecting to Fortinet Fortigate firewall - http://hwellmann.blogspot.com/2010/08/u ... setup.html
One must indent the lines below each section heading
If you comment single lines in a section then the '#' character must be indented, too
The following keyword is not supported by strongSwan:
interfaces="ipsec0=eth0"
because the native Linux kernel does not have an ipsec0
interface and
esp=aes128-sha1-modp1536,3des-sha1-modp1536
is not a valid notation for IKEv1. If you want a DH-Group
different from the IKE Main Mode one you must define:
esp=aes128-sha1,3des-sha1
pfsgroup=modp1536
sebus
is the only IPsec client that works fine connecting to Fortinet Fortigate firewall - http://hwellmann.blogspot.com/2010/08/u ... setup.html
One must indent the lines below each section heading
If you comment single lines in a section then the '#' character must be indented, too
The following keyword is not supported by strongSwan:
interfaces="ipsec0=eth0"
because the native Linux kernel does not have an ipsec0
interface and
esp=aes128-sha1-modp1536,3des-sha1-modp1536
is not a valid notation for IKEv1. If you want a DH-Group
different from the IKE Main Mode one you must define:
esp=aes128-sha1,3des-sha1
pfsgroup=modp1536
sebus