[Swan] no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW (fwd)

Paul Wouters paul at nohats.ca
Tue Mar 15 17:55:14 EET 2022

On Tue, 15 Mar 2022, 1one.w01f wrote:

> Thank you very much for the suggestion. Unfortunately the client doesn't have options for choosing the
> algorithms. I then added
>       ike=3des-md5;modp1536,3des-sha1;modp1536,aes-sha1;modp1536,aes-md5;modp1536

Only use ike=3des-md5;modp1536 as that is the only proposal they are
sending you. Aggressive mode is a bit tricky in you needing to get it
all exactly right. If that by itself does not work, try adding pfs=no

If you can see logs of the fortinet device that would be best, it might
tell you what it does not like.


More information about the Swan mailing list