On Thu, Jul 8, 2021 at 9:55 AM Paul Wouters <[email protected]> wrote:

> On Thu, 8 Jul 2021, Dan Stromberg wrote:
>
> > I'm trying to connect to a Fortigate server from a Debian 10.10 host. I'm seeing no response from the Fortigate server.
> >
> > Lots of specifics about the situation are at:
> > https://superuser.com/questions/1661309/libreswan-fortigate-ipsec-only-no-ssl-gives-60-second-timeout-exceeded-af
>
> No answer to your first packet is almost always a firewall issue.
>
> If you want, feel free to fire it up against vpn.nohats.ca, which has no
> firewall and will always respond to strange IKE messages with an error.
>
> If that shows you the same symptoms, it IS a firewall on or near your end.
I've assumed the "it" I'm firing something up against is ike-scan.

I'm getting:

    $ ike-scan vpn.nohats.ca
    Starting ike-scan 1.9.4 with 1 hosts ( http://www.nta-monitor.com/tools/ike-scan/)
    Ending ike-scan 1.9.4: 1 hosts scanned in 2.529 seconds (0.40 hosts/sec). 0 returned handshake; 0 returned notify

Could someone not firewalled please run "ike-scan vpn.nohats.ca" and send output to the list, for the sake of comparison?

On Debian 10 (and presumably derived distributions like Ubuntu), you can install ike-scan with:

    apt install ike-scan

...or you can get it from https://github.com/royhills/ike-scan

You'll probably have to shut down *swan first, if you have it running on the system in question.

Thanks!

PS: I'm not sure if I'm happy or daunted by the possibility of this being because of a firewall, as I haven't set one up and fear it may be out of my control.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
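The three outcomes discussed in this thread (a handshake reply, a notify/error reply, or silence that points at filtering on the path) can be told apart from the fixed 28-byte ISAKMP/IKE header of whatever comes back on UDP 500. The sketch below is an added example, not part of the original message and not ike-scan's code; the function names, the outcome labels and the sample datagrams are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1: 28 bytes

# "Next payload" values of interest in a first reply (IKEv1 / IKEv2).
SA_PAYLOAD = {1, 33}       # Security Association
NOTIFY_PAYLOAD = {11, 41}  # Notification / Notify


def parse_header(datagram):
    """Return the fixed header fields as a dict, or None if malformed."""
    if len(datagram) < ISAKMP_HDR.size:
        return None
    icookie, rcookie, nxt, version, exch, flags, msgid, length = \
        ISAKMP_HDR.unpack_from(datagram)
    if length < ISAKMP_HDR.size or length > len(datagram):
        return None  # length field disagrees with what actually arrived
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": nxt,
            "major": version >> 4, "minor": version & 0x0F,
            "exchange": exch, "flags": flags, "msgid": msgid, "length": length}


def classify_reply(datagram, sent_icookie):
    """Classify one reply; pass None when the probe timed out."""
    if datagram is None:
        return "no-reply"   # silence: suspect a packet filter on the path
    hdr = parse_header(datagram)
    if hdr is None or hdr["icookie"] != sent_icookie:
        return "unrelated"  # malformed, or not an answer to our probe
    if hdr["next_payload"] in SA_PAYLOAD:
        return "handshake"  # responder selected a proposal
    if hdr["next_payload"] in NOTIFY_PAYLOAD:
        return "notify"     # responder is reachable but returned an error
    return "other"


# Constructed sample replies (header plus zero padding), not captured traffic.
COOKIE = bytes.fromhex("1122334455667788")


def sample(next_payload, version, exchange, body_len=12):
    """Build a constructed reply datagram carrying the given header values."""
    return ISAKMP_HDR.pack(COOKIE, b"\xaa" * 8, next_payload, version,
                           exchange, 0, 0, ISAKMP_HDR.size + body_len) + bytes(body_len)
```

A "notify" result from a given network, against a responder that is known to answer, shows the path is open; "no-reply" from the same network is the symptom described in the quoted advice.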
