[Swan] Trying to connect using libreswan to a Fortigate IPsec VPN

Dan Stromberg dstromberg at keepersecurity.com
Tue Jul 13 04:04:59 UTC 2021


I just hit upon this way of getting ike-scan to talk to a Fortigate box:

+ ike-scan --multiline --dhgroup=5 --id=officelan --aggressive -v -v -v fortigate.example.com
DEBUG: pkt len=429 bytes, bandwidth=56000 bps, int=65285 us
Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
Host List:

Entry   IP Address      Cookie
1       1.1.1.1         79b5d29790b9681f

Total of 1 host entries.

...

--- Sending packet #1 to host entry 1 (50.231.18.186) tmo 500000 us
--- Received packet #1 from 50.231.18.186
50.231.18.186   Aggressive Mode Handshake returned
        HDR=(CKY-R=9f722584cec7642d)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=5:modp1536 LifeType=Seconds LifeDuration(4)=0x00007080)
        KeyExchange(192 bytes)
        Nonce(16 bytes)
        ID(Type=ID_IPV4_ADDR, Value=50.231.18.186)
        Hash(20 bytes)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
        VID=09002689dfd6b712 (XAUTH)
        VID=8299031757a36082c6a621de00000000
--- Removing host entry 1 (50.231.18.186) - Received 388 bytes

Ending ike-scan 1.9.4: 1 hosts scanned in 0.099 seconds (10.11 hosts/sec).  1 returned handshake; 0 returned notify

I've tried a number of things in the ike-scan invocation, but the last
thing I changed before it started behaving a little better was to add
--dhgroup=5.

Does that help formulate some educated guesses?

Thanks!
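The ike-scan output above already pins down the Fortigate's Phase 1 policy: IKEv1 Aggressive Mode, 3DES/SHA1, pre-shared key, DH group 5 (modp1536), an IKE lifetime of 0x7080 = 28800 seconds (8 hours), DPD v1.0 and an XAUTH vendor ID. The libreswan connection below mirrors those values; it is an added example written for this page, not code from the original post or from libreswan's own documentation. The proposal, lifetime and identity type of the remote side come from the SA and ID payloads in the output; the peer hostname, the ID type used for "officelan", the Phase 2 proposal, the remote subnet, the XAUTH username and the DPD timers are assumptions and are marked as such.

```ini
# /etc/ipsec.conf excerpt (libreswan), added example; values marked
# "assumed" are not in the ike-scan output and must match the Fortigate's
# Phase 1 / Phase 2 configuration.
conn fortigate-officelan
    # IKEv1 Aggressive Mode: the mode ike-scan --aggressive completed.
    ikev2=no
    aggressive=yes

    # Phase 1 proposal exactly as the Fortigate returned it:
    # Enc=3DES Hash=SHA1 Auth=PSK Group=5:modp1536
    ike=3des-sha1;modp1536
    # LifeDuration(4)=0x00007080 seconds = 28800 s = 8 h
    ikelifetime=28800s
    authby=secret

    # Phase 2 proposal: assumed, not visible in a Phase 1 probe.
    esp=aes128-sha1

    # Local side. ike-scan sent --id=officelan; libreswan's @[...] form
    # sends it as ID_KEY_ID (assumed; use @officelan if the Fortigate
    # peer ID is configured as an FQDN instead).
    left=%defaultroute
    leftid=@[officelan]

    # Remote side: the peer identified itself as ID_IPV4_ADDR with its own
    # address, which is libreswan's default rightid when right= resolves to
    # that address. Hostname and subnet are assumed.
    right=fortigate.example.com
    rightsubnet=192.0.2.0/24

    # XAUTH: the Fortigate advertised the XAUTH vendor ID, so act as the
    # XAUTH client. Username is assumed; the password goes in ipsec.secrets.
    leftxauthclient=yes
    leftusername=vpnuser

    # Dead Peer Detection: the peer advertised DPD v1.0. Timers are assumed.
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart

    auto=add

# /etc/ipsec.secrets excerpt (assumed key material, same assumed names):
#   @[officelan] fortigate.example.com : PSK "replace-with-the-shared-secret"
#   vpnuser : XAUTH "replace-with-the-xauth-password"
```

Load and bring the tunnel up with `ipsec auto --add fortigate-officelan` followed by `ipsec auto --up fortigate-officelan`, and compare the Phase 1 lines in the libreswan log against the SA payload ike-scan printed; any mismatch there (cipher, hash, group or lifetime) is the first thing to rule out. If the Fortigate hands the client a virtual address, `leftmodecfgclient=yes` is the knob for that, but nothing in the probe output shows whether it does.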