OPNsense Forum

English Forums => Virtual private networks => Topic started by: spetrillo on August 10, 2022, 04:11:20 AM

Title: PRF - Phase 1
Post by: spetrillo on August 10, 2022, 04:11:20 AM
Hello all,

New to IPsec VPNs and trying to set up a S2S VPN from my OPNsense device to a Cisco ASA on the other side. The network engineer handling the Cisco side says I am missing PRF in phase 1, but I do not see any option for PRF. Can you point me in the right direction?

Thanks,
Steve
Title: Re: PRF - Phase 1
Post by: nzkiwi68 on August 11, 2022, 04:35:19 AM
PRF stands for Pseudo-Random Function.

In this case, make sure your Hash algorithm agrees with the Cisco ASA.

I have seen it where the hashing and PRF are set differently. We can't do that in OPNsense and it shouldn't really be needed anyway. So, we can't set a PRF; it's likely that OPNsense just uses whatever you set as the Hash algorithm as the PRF.

Tell them your PRF is SHA256.
Title: Re: PRF - Phase 1
Post by: spetrillo on August 11, 2022, 04:37:49 AM
What configuration option do I set?
Title: Re: PRF - Phase 1
Post by: nzkiwi68 on August 15, 2022, 01:09:13 AM
You can't set a PRF, only a phase 1 hashing algorithm, which will also be the PRF.
Title: Re: PRF - Phase 1
Post by: spetrillo on August 19, 2022, 03:03:58 PM
Got it...thanks!
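
The following is an added example, not part of the thread or of OPNsense's code. It models the behaviour discussed above: a phase 1 proposal with no explicit PRF takes its PRF from the hash (integrity) algorithm, and the result is compared against the peer's policy. It assumes strongSwan-style proposal keywords (strongSwan is the IKE daemon behind OPNsense's IPsec); the function names and the peer policies are constructed for illustration.

```python
# Added example: derive the effective PRF of a phase 1 proposal and diff it
# against the peer's policy. Peer values below are constructed samples.

INTEGRITY = {"sha1", "sha256", "sha384", "sha512"}
DH_PREFIXES = ("modp", "ecp", "curve")


def parse_proposal(proposal):
    """Split e.g. 'aes256-sha256-modp2048' into its phase 1 transforms."""
    out = {"encryption": None, "integrity": None, "prf": None, "dh_group": None}
    for token in proposal.lower().split("-"):
        if token.startswith("prf"):
            out["prf"] = token[len("prf"):]      # explicit PRF, e.g. prfsha384
        elif token in INTEGRITY:
            out["integrity"] = token
        elif token.startswith(DH_PREFIXES):
            out["dh_group"] = token
        else:
            out["encryption"] = token
    if out["prf"] is None:
        if out["integrity"] is None:
            # AEAD ciphers (e.g. aes256gcm16) carry no separate hash, so there
            # is nothing to derive the PRF from; it must be given explicitly.
            raise ValueError("no hash algorithm in proposal; PRF must be explicit")
        out["prf"] = out["integrity"]            # PRF follows the hash algorithm
    return out


def mismatches(local, peer):
    """Return the transform names on which the two sides disagree."""
    return sorted(k for k in local if local[k] != peer.get(k))


# Constructed peer policies, normalised to the same keyword names.
PEER_MATCHING = {"encryption": "aes256", "integrity": "sha256",
                 "prf": "sha256", "dh_group": "modp2048"}
PEER_DIFFERENT_PRF = dict(PEER_MATCHING, prf="sha384")

if __name__ == "__main__":
    local = parse_proposal("aes256-sha256-modp2048")
    print("effective local proposal:", local)
    print("vs matching peer:", mismatches(local, PEER_MATCHING))
    print("vs peer with different PRF:", mismatches(local, PEER_DIFFERENT_PRF))
```

When the only difference reported is `prf`, the fix is on whichever side can set it separately: the peer sets its PRF to the same algorithm as the hash chosen in phase 1.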