Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
IPSEC Cannot set PFS Key to 0 or disabled, WHY?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC Cannot set PFS Key to 0 or disabled, WHY? (Read 5765 times)
MasterXBKC
Jr. Member
Posts: 66
Karma: 6
Infragard Member
IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
on:
May 08, 2018, 07:04:01 pm »
We have a VPN connection that we need to match up to that sources from a Juniper device, and i know it used to be possible to disable PFS aka Perfect Forward Secrecy, which it is disabled on the other side.
How do we disable this when it will not allow us to change it lower than group 1?
Logged
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
sedace
Newbie
Posts: 15
Karma: 0
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #1 on:
May 11, 2018, 07:02:08 pm »
Just ran across this same issue trying to setup an IPSEC VPN following OPNSENSE roadwarrior guide and others, if you found a solution please advise.
Logged
mimugmail
Hero Member
Posts: 6765
Karma: 494
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #2 on:
May 11, 2018, 07:23:49 pm »
I reported it to the devs .. should be back soon:
https://github.com/opnsense/core/commit/28d0816229ea024278ff378fda1339867fb9f266
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
mimugmail
Hero Member
Posts: 6765
Karma: 494
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #3 on:
May 11, 2018, 07:48:40 pm »
Should be back in next release ..
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
sedace
Newbie
Posts: 15
Karma: 0
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #4 on:
May 11, 2018, 09:59:32 pm »
Thanks, I was unable to get an ipsec vpn working with an
IOS device
using the documentation / guide and this was the only obvious setting that was different. There were a few others that I noted (such as the need for setting a user permission that changed in 18.x) but I searched and found and tried alternatives for all else so far.
Do you think that needing to be "off" is an issue or, if not, I can do some more digging. I may also try the other "OpenVPN" guide but was preferring to use a VPN that is native to the iOS mobile platform rather than needing to install a 3rd party app on all the devices.
Logged
mimugmail
Hero Member
Posts: 6765
Karma: 494
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #5 on:
May 11, 2018, 10:28:24 pm »
opnsense-patch e0cc1c5d
opnsense-patch 7a353fbf
Via CLI, then you can set it to none ...
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
franco
Administrator
Hero Member
Posts: 17655
Karma: 1610
Re: IPSEC Cannot set PFS Key to 0 or disabled, WHY?
«
Reply #6 on:
May 14, 2018, 10:04:43 am »
Will be in 18.1.8.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
IPSEC Cannot set PFS Key to 0 or disabled, WHY?