[Openswan Users] Help with OpenSwan to Fortigate IPsec VPN
paul at xelerance.com
Tue Sep 6 10:46:42 EDT 2011
On Mon, 5 Sep 2011, Tyler J. Wagner wrote:
> Thanks for your help, Nick. I resolved the problem with the help of someone
> on the Fortigate forums.
> The problem was two-fold:
> 1. Reducing the encryption proposals to exactly one on each end.
> 2. Setting the subnet "quick selector" on the Fortigate.
Is there documentation on what "quick selector" is?
> I mistakenly assumed that using multiple encryption offerings would allow
> both ends to negotiate the best choice. That doesn't appear to be true for
> at least one end of this link.
That's normally the case, and that's how the protocol was designed, but
unfortunately a bunch of IPsec implementation silently reject such
More information about the Users