IPSEC Cannot set PFS Key to 0 or disabled, WHY?

Started by MasterXBKC, May 08, 2018, 07:04:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 08, 2018, 07:04:01 PM
We have a VPN connection that we need to match up to that sources from a Juniper device, and i know it used to be possible to disable PFS aka Perfect Forward Secrecy, which it is disabled on the other side.

How do we disable this when it will not allow us to change it lower than group 1?
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
May 11, 2018, 07:02:08 PM #1
Just ran across this same issue trying to setup an IPSEC VPN following OPNSENSE roadwarrior guide and others, if you found a solution please advise.
May 11, 2018, 07:23:49 PM #2
May 11, 2018, 07:48:40 PM #3
Should be back in next release ..
May 11, 2018, 09:59:32 PM #4
Thanks, I was unable to get an ipsec vpn working with an IOS device using the documentation / guide and this was the only obvious setting that was different.  There were a few others that I noted (such as the need for setting a user permission that changed in 18.x) but I searched and found and tried alternatives for all else so far. 

Do you think that needing to be "off" is an issue or, if not, I can do some more digging.  I may also try the other "OpenVPN" guide  but was preferring to use a VPN that is native to the iOS mobile platform rather than needing to install a 3rd party app on all the devices.





May 11, 2018, 10:28:24 PM #5
opnsense-patch e0cc1c5d
opnsense-patch 7a353fbf

Via CLI, then you can set it to none ...
May 14, 2018, 10:04:43 AM #6
Will be in 18.1.8.


Cheers,
Franco
Print
Go Up Pages1
User actions