[Swan] Trying to connect using libreswan to a Fortigate IPsec VPN
dstromberg at keepersecurity.com
Thu Jul 8 17:42:08 UTC 2021
On Thu, Jul 8, 2021 at 9:55 AM Paul Wouters <paul at nohats.ca> wrote:
> On Thu, 8 Jul 2021, Dan Stromberg wrote:
> > I'm trying to connect to a Fortigate server from a Debian 10.10 host.
> > I'm seeing no response from the Fortigate server.
> > Lots of specifics about the situation are at:
> No answer to your first packet is almost always a firewall issue.
> If you want, feel free to fire it up against vpn.nohats.ca, which has no
> firewall and will always respond to strange IKE messages with an error.
> If that shows you the same symptoms, it IS a firewall on or near your end.
I've assumed the "it" I'm firing something up against is ike-scan.
$ ike-scan vpn.nohats.ca
Starting ike-scan 1.9.4 with 1 hosts (
Ending ike-scan 1.9.4: 1 hosts scanned in 2.529 seconds (0.40 hosts/sec).
0 returned handshake; 0 returned notify
Could someone not firewalled please run "ike-scan vpn.nohats.ca" and send
output to the list, for the sake of comparison?
On Debian 10 (and presumably derived distributions like Ubuntu), you can
install ike-scan with:
apt install ike-scan
...or you can get it from https://github.com/royhills/ike-scan
You'll probably have to shut down *swan first, if you have it running on
the system in question.
PS: I'm not sure if I'm happy or daunted by the possibility of this being
because of a firewall, as I haven't set one up and fear it may be out of my
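The comparison suggested in the thread (probe the real peer, then a control host known to answer) can be scripted. The following is an added example, not part of the original message and not ike-scan or libreswan code: it reads the reply counts from ike-scan's summary line and applies that reasoning. The function names, the verdict strings, the "remote-side" reading and the ANSWERED sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify saved ike-scan output for a peer and a control host.

# Read ike-scan output on stdin and print handshake + notify replies taken
# from the summary line. Exit status 1 if no summary line is present.
ike_replies() {
    awk 'match($0, /[0-9]+ returned handshake; [0-9]+ returned notify/) {
             split(substr($0, RSTART, RLENGTH), f, " ")
             print f[1] + f[4]; found = 1; exit
         }
         END { exit !found }'
}

# diagnose PEER_OUTPUT CONTROL_OUTPUT  (both are captured ike-scan text)
#   peer-reachable : the peer answered, so UDP/500 gets through
#   remote-side    : control answered, peer silent (assumed reading: the drop
#                    is nearer the peer, or the peer ignores the probe)
#   local-firewall : neither answered, the "on or near your end" case
#   unparsed       : no summary line found in one of the inputs
diagnose() {
    peer=$(printf '%s\n' "$1" | ike_replies) || { echo unparsed; return 2; }
    ctrl=$(printf '%s\n' "$2" | ike_replies) || { echo unparsed; return 2; }
    if [ "$peer" -gt 0 ]; then
        echo peer-reachable
    elif [ "$ctrl" -gt 0 ]; then
        echo remote-side
    else
        echo local-firewall
    fi
}

# Summary text as posted in the message above (no replies at all).
SILENT='Ending ike-scan 1.9.4: 1 hosts scanned in 2.529 seconds (0.40 hosts/sec).
0 returned handshake; 0 returned notify'

# Constructed sample: a host that rejects the proposal but does reply.
ANSWERED='Ending ike-scan 1.9.4: 1 hosts scanned in 0.100 seconds (10.00 hosts/sec).  0 returned handshake; 1 returned notify'

# Demo on the embedded samples: peer silent, control silent.
diagnose "$SILENT" "$SILENT"
```

To use it on real captures, save each run with something like `ike-scan HOST > file` and pass `"$(cat file)"` for each argument.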