PRF - Phase 1

Started by spetrillo, August 10, 2022, 04:11:20 AM

Hello all,

New to IPSec VPNs and trying to set up a S2S VPN from my OPNsense device to a Cisco ASA on the other side. The network engineer handling the Cisco side says I am missing PRF in phase 1, but I do not see any option for PRF. Can you point me in the right direction?

Thanks,
Steve

PRF stands for Pseudo-Random Function.

In this case, make sure your Hash algorithm agrees with the Cisco ASA.

I have seen it whereby the hashing and PRF are set differently; we can't do that in OPNsense, and it shouldn't really be needed anyway. So, we can't set a PRF; it's likely that OPNsense just uses whatever you set as the Hash algorithm as the PRF.

Tell them your PRF is SHA256.

What configuration option do I set?

You can't set a PRF, only a phase 1 hashing algorithm, which will also be the PRF.
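An added example, not part of any post in this thread: a sketch of how an IKEv2 responder matches phase 1 transforms and what the agreed PRF is then used for (SKEYSEED and prf+ from RFC 7296). It assumes the tunnel uses IKEv2 and, as the replies suggest, that the phase 1 hash is also offered as the PRF; the algorithm labels and sample values are constructed, not OPNsense or ASA keywords.

```python
import hashlib
import hmac

# Normalized, hypothetical labels; not configuration keywords of either product.
PRF_HASH = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
TYPES = ("ENCR", "PRF", "INTEG", "DH")

def build_offer(encr, hash_alg, dh_group):
    # Assumption from the thread: the phase 1 hash is also offered as the PRF.
    return {"ENCR": [encr], "PRF": [hash_alg], "INTEG": [hash_alg], "DH": [dh_group]}

def select(offer, policy):
    """Responder logic: one common transform per type, else list the failing types."""
    chosen, failed = {}, []
    for t in TYPES:
        common = [x for x in offer[t] if x in policy.get(t, [])]
        if common:
            chosen[t] = common[0]
        else:
            failed.append(t)
    return (None, failed) if failed else (chosen, [])

def prf(name, key, data):
    # For HMAC-based PRFs, prf(K, S) is HMAC keyed with K over S.
    return hmac.new(key, data, PRF_HASH[name]).digest()

def prf_plus(name, key, seed, length):
    """RFC 7296 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(name, key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def derive_sk_d(name, ni, nr, dh_secret, spi_i, spi_r):
    # SKEYSEED = prf(Ni | Nr, g^ir); SK_d is the first prf+ output, one PRF key long.
    skeyseed = prf(name, ni + nr, dh_secret)
    return prf_plus(name, skeyseed, ni + nr + spi_i + spi_r, PRF_HASH[name]().digest_size)

# Constructed sample inputs (not from a real exchange).
OFFER = build_offer("aes256", "sha256", "modp2048")
PEER_MISMATCH = {"ENCR": ["aes256"], "PRF": ["sha1"], "INTEG": ["sha256"], "DH": ["modp2048"]}
PEER_ALIGNED = dict(PEER_MISMATCH, PRF=["sha256"])

if __name__ == "__main__":
    print(select(OFFER, PEER_MISMATCH))  # only the PRF type fails to match
    chosen, _ = select(OFFER, PEER_ALIGNED)
    print(chosen, derive_sk_d(chosen["PRF"], b"i" * 32, b"r" * 32, b"s" * 256, b"A" * 8, b"B" * 8).hex())
```

With the peer's PRF set to something other than the offered hash, every other transform can agree and the proposal is still rejected, which is why the remote engineer needs the PRF value stated explicitly.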