[Openswan Users] Help with OpenSwan to Fortigate IPsec VPN
Paul Wouters
paul at xelerance.com
Tue Sep 6 10:46:42 EDT 2011
On Mon, 5 Sep 2011, Tyler J. Wagner wrote:
> Thanks for your help, Nick. I resolved the problem with the help of someone
> on the Fortigate forums.
>
> http://support.fortinet.com/forum/tm.asp?m=76296&p=1&tmode=1&smode=1
>
> The problem was two-fold:
>
> 1. Reducing the encryption proposals to exactly one on each end.
> 2. Setting the subnet "quick selector" on the Fortigate.
Is there documentation on what "quick selector" is?
> I mistakenly assumed that using multiple encryption offerings would allow
> both ends to negotiate the best choice. That doesn't appear to be true for
> at least one end of this link.
That's normally the case, and that's how the protocol was designed, but
unfortunately a bunch of IPsec implementation silently reject such
proposals..
Paul
More information about the Users
mailing list