Messages - jerryc20

#1
Hi Rainer,

Thanks a lot for these articles. I am studying them. :)
#2
Hi,

I have completed the IPsec mobile VPN settings on OPNsense 21.1.7, and my MacBook and iPhone can connect to the server and then access the network properly, but I encountered connection problems if I changed P1/P2 to stronger encryption algorithms.

Below I have listed my settings and connection results.
Key Exchange version: IKEv1
Authentication method: Mutual PSK + Xauth
Negotiation mode: Main
My identifier: My IP address

Case 1: Client can connect to the server, and VPN connection works properly. 
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (128 bits) + MD5 + Off

Case 2: Change P1's Hash algorithm to SHA256. Client can't connect to the server, it pops up "Server didn't respond."
P1: AES (128 bits) + SHA256 + DH Group 2
P2: AES (128 bits) + MD5 + Off

Case 3: Based on case 1 and change P2's Hash algorithm to SHA1. Client can connect to the server, but can't access remote network (ping failure).
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (128 bits) + SHA1 + Off

Case 4: Based on case 1 and change P2's Encryption algorithms to AES 192bits. Client can't connect to the server, it pops up "Server didn't respond."
P1: AES (128 bits) + SHA1 + DH Group 2
P2: AES (192 bits) + MD5 + Off

Does anyone know what the problems are?
I appreciate any ideas, suggestions, or guidance. Thanks.