Messages

1

21.1 Legacy Series / Re: IPsec Mobile VPN - Client doesn't work properly in different P1/P2 settings

« on: May 20, 2021, 03:23:07 pm »

Hi Rainer,

Thanks a lot for these articles. I am studying them. 

2

21.1 Legacy Series / IPsec Mobile VPN - Client doesn't work properly in different P1/P2 settings

« on: May 19, 2021, 09:35:43 am »

Hi,

I have completed IPsec mobile VPN setting on OPNsense 21.1.7 and my MacBook and iPhone can connect to server then access network properly, but I encountered connection problems if I changed P1/P2 with stronger encryption algorithms.

Below I listed my settings and connection results.
Key Exchange version: IKEv1
Authentication method: Mutual PSK + Xauth
Negotiation mode: Main
My identifier: My IP address

Case 1: Client can connect to the server, and VPN connection works properly. 
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (128 bits) + MD5 + Off

Case 2: Change P1's Hash algorithm to SHA256. Client can't connect to the server, it pops up "Server didn't respond."
P1: AES (128 bits) + SHA256 + DH Group 2
P2: AES (128 bits) + MD5 + Off

Case 3: Based on case 1 and change P2's Hash algorithm to SHA1. Client can connect to the server, but can't access remote network (ping failure).
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (128 bits) + SHA1 + Off

Case 4: Based on case 1 and change P2's Encryption algorithms to AES 192bits. Client can't connect to the server, it pops up "Server didn't respond."
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (192 bits) + MD5 + Off

Does anyone know what problems are?
Appreciate any ideas, suggestions, or guidance. Thanks.