[Openswan Users] Help with OpenSwan to Fortigate IPsec VPN

Paul Wouters paul at xelerance.com
Tue Sep 6 10:46:42 EDT 2011


On Mon, 5 Sep 2011, Tyler J. Wagner wrote:

> Thanks for your help, Nick. I resolved the problem with the help of someone
> on the Fortigate forums.
>
> http://support.fortinet.com/forum/tm.asp?m=76296&p=1&tmode=1&smode=1
>
> The problem was two-fold:
>
> 1. Reducing the encryption proposals to exactly one on each end.
> 2. Setting the subnet "quick selector" on the Fortigate.

Is there documentation on what "quick selector" is?

> I mistakenly assumed that using multiple encryption offerings would allow
> both ends to negotiate the best choice. That doesn't appear to be true for
> at least one end of this link.

That's normally the case, and that's how the protocol was designed, but
unfortunately a bunch of IPsec implementation silently reject such
proposals..

Paul


More information about the Users mailing list