<div dir="ltr"><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 8, 2021 at 2:49 PM Paul Wouters &lt;<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 8 Jul 2021, Dan Stromberg wrote:<br>
I saw both your IKEv1 and IKEv2 attempts hitting the server. Note:<br>
<br>
Jul  8 15:03:53.259967: "<a href="http://vpn.nohats.ca" rel="noreferrer" target="_blank">vpn.nohats.ca</a>"[312] x.x.x.x #854: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;ENCR=3DES;ENCR=DES(UNUSED);PRF=HMAC_SHA1;PRF=HMAC_MD5;INTEG=HMAC_SHA1_96;INTEG=HMAC_MD5_96;DH=MODP1024;DH=MODP1536;DH=MODP2048<br>
<br>
I would drop the DES, 3DES, DH2 and MD5 from your proposals. Still, like<br>
my server they _should_ send you an error back.<br></blockquote><div>How would I do that with ike-scan?  Sorry, I'm a real newb at this.  I know some shell and some basic TCP/IP and UDP/IP, but IKE and IPsec are pretty new to me.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> My IT guy said that the Fortigate server is "in stealth mode", and he seems to be avoiding telling me what that means more specifically.  If I had to<br>
> guess, I'd say maybe he's turned off ICMP, since the server is not ping'able.<br>
<br>
Ask the fortigate people for a log from your IP address? It seems likely<br>
you _are_ hitting their server, so they should have a log entry.<br></blockquote><div>He said he wasn't seeing authentication attempts at all. </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
And double check your IKE parameters with them - likely there is a<br>
mismatch between what you have configured and what they have configured.<br></blockquote><div>What are some example IKE parameters that should be compared?  I'm thinking once I have those, I can google up a list?</div><div><br></div><div>I'm really wanting this to work, in a big way.  Without it, I'll probably have to turn in my Linux Dell for a macOS box, and I just love Linux.  :)</div><div><br></div><div>Is there any way I can set up a small bounty for it?  Seriously, I'm to the point where I'd be willing to pay a bit of money to get it working - and it needs to be documented anyway, given the number of people out there trying to connect to Fortigate IPsec servers from Linux.</div><div><br></div><div>Thanks! </div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><p dir="ltr">Dan Stromberg | Senior Software Developer</p><p dir="ltr">Mobile +1.949-342-6502</p></div></div></div>
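<p>Added example, not part of the original message and not code from either poster: a Python parser for the proposal string in the quoted log line, which separates the transforms the reply suggests dropping (DES, 3DES, DH2, MD5) from the ones that remain and reports any transform type left empty. The <code>WEAK</code> table, the function names and the whitespace-separated multi-proposal format are assumptions made for this illustration.</p>

```python
import re

# Log line quoted in the message above (peer address already masked there).
LOG_LINE = (
    'Jul  8 15:03:53.259967: "vpn.nohats.ca"[312] x.x.x.x #854: no local '
    'proposal matches remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;'
    'ENCR=3DES;ENCR=DES(UNUSED);PRF=HMAC_SHA1;PRF=HMAC_MD5;INTEG=HMAC_SHA1_96;'
    'INTEG=HMAC_MD5_96;DH=MODP1024;DH=MODP1536;DH=MODP2048'
)

# Transforms the reply advises dropping. DH2 is IKE group 2, the 1024-bit
# MODP group, which appears in the log as MODP1024.
WEAK = {"ENCR": {"DES", "3DES"}, "PRF": {"HMAC_MD5"},
        "INTEG": {"HMAC_MD5_96"}, "DH": {"MODP1024"}}

# Assumption: several proposals, if present, are separated by whitespace.
PROPOSAL_RE = re.compile(r"(\d+):([A-Z]+):(\S+)")


def parse_proposals(line):
    """Return [(number, protocol, {transform_type: [names]})] for a log line."""
    marker = "remote proposals "
    if marker not in line:
        return []
    proposals = []
    for num, proto, body in PROPOSAL_RE.findall(line.split(marker, 1)[1]):
        transforms = {}
        for item in body.split(";"):
            if "=" in item:
                kind, name = item.split("=", 1)
                name = re.sub(r"\(.*?\)", "", name)  # drop notes like "(UNUSED)"
                transforms.setdefault(kind, []).append(name)
        proposals.append((int(num), proto, transforms))
    return proposals


def audit(transforms):
    """Split one proposal into (keep, drop, types left with no transform)."""
    keep, drop = {}, {}
    for kind, names in transforms.items():
        weak = WEAK.get(kind, set())
        keep[kind] = [n for n in names if n not in weak]
        drop[kind] = [n for n in names if n in weak]
    return keep, drop, [kind for kind in keep if not keep[kind]]


if __name__ == "__main__":
    for num, proto, transforms in parse_proposals(LOG_LINE):
        keep, drop, emptied = audit(transforms)
        print(num, proto, "keep:", keep, "drop:", drop, "emptied:", emptied)
```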