IPSEC Cannot set PFS Key to 0 or disabled, WHY?

Started by MasterXBKC, May 08, 2018, 07:04:01 PM

We have a VPN connection that we need to match up to that sources from a Juniper device, and I know it used to be possible to disable PFS, aka Perfect Forward Secrecy, which is disabled on the other side.

How do we disable this when it will not allow us to change it lower than group 1?
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP

Just ran across this same issue trying to set up an IPSEC VPN following the OPNSENSE roadwarrior guide and others. If you found a solution, please advise.



Thanks, I was unable to get an ipsec vpn working with an iOS device using the documentation / guide, and this was the only obvious setting that was different. There were a few others that I noted (such as the need for setting a user permission that changed in 18.x), but I searched and found and tried alternatives for all else so far.

Do you think that needing to be "off" is an issue? If not, I can do some more digging. I may also try the other "OpenVPN" guide, but was preferring to use a VPN that is native to the iOS mobile platform rather than needing to install a third-party app on all the devices.






opnsense-patch e0cc1c5d
opnsense-patch 7a353fbf

Via CLI, then you can set it to none ...