Hello Lorenzo,
if you define DH group 15 (modp3072) only but the peer's proposals
are for MODP1536 and MODP2048 then the negotiatio hast to fail with
ike Negotiate ISAKMP SA Error: ike
0:fc70f37fa6c9ee8d/:383: no SA proposal chosen
Best regards
Andreas
On 01.03.2021 08:03,
Hi.
I'm trying to set up a IPSec connection between a StrongSwan server and a
Fortigate device. Auth uses PSK, so according to [1] I've chosen IKEv1. The
Fortigate is behind an ADSL modem.
In Fortinet I've set P1 to enc AES256 auth SHA256, DH 15, key lifetime 86400.
This is ipsec.conf:
config
