I just hit upon this way of getting ike-scan to talk to a Fortigate box:

+ ike-scan --multiline --dhgroup=5 --id=officelan --aggressive -v -v -v fortigate.example.com
DEBUG: pkt len=429 bytes, bandwidth=56000 bps, int=65285 us
Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
Host List:

Entry   IP Address      Cookie
1       1.1.1.1         79b5d29790b9681f

Total of 1 host entries.
...
--- Sending packet #1 to host entry 1 (50.231.18.186) tmo 500000 us
--- Received packet #1 from 50.231.18.186
50.231.18.186   Aggressive Mode Handshake returned
        HDR=(CKY-R=9f722584cec7642d)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=5:modp1536 LifeType=Seconds LifeDuration(4)=0x00007080)
        KeyExchange(192 bytes)
        Nonce(16 bytes)
        ID(Type=ID_IPV4_ADDR, Value=50.231.18.186)
        Hash(20 bytes)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
        VID=09002689dfd6b712 (XAUTH)
        VID=8299031757a36082c6a621de00000000
--- Removing host entry 1 (50.231.18.186) - Received 388 bytes

Ending ike-scan 1.9.4: 1 hosts scanned in 0.099 seconds (10.11 hosts/sec).  1 returned handshake; 0 returned notify

I've tried a number of things in the ike-scan invocation, but the last thing I changed before it started behaving a little better was to add the --dhgroup=5. Does that help formulate some educated guesses?

Thanks!
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
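As an added example (not the poster's code, nor part of ike-scan), here is a small parser for the --multiline handshake block shown above that pulls out the responder's SA transform and vendor IDs and flags the settings a reviewer would question in that proposal (aggressive mode with PSK, 3DES, SHA1, DH group 5, XAUTH). The sample input is constructed from the post's output with the address replaced by an RFC 5737 placeholder.

```python
import re

# Constructed sample in ike-scan --multiline format; 192.0.2.10 is a
# documentation placeholder, not the poster's host.
SAMPLE = """\
192.0.2.10\tAggressive Mode Handshake returned
\tHDR=(CKY-R=9f722584cec7642d)
\tSA=(Enc=3DES Hash=SHA1 Auth=PSK Group=5:modp1536 LifeType=Seconds LifeDuration(4)=0x00007080)
\tKeyExchange(192 bytes)
\tNonce(16 bytes)
\tID(Type=ID_IPV4_ADDR, Value=192.0.2.10)
\tHash(20 bytes)
\tVID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
\tVID=09002689dfd6b712 (XAUTH)
\tVID=8299031757a36082c6a621de00000000
"""

HOST_RE = re.compile(r"^(\S+)\s+(Main|Aggressive) Mode Handshake returned")
SA_RE = re.compile(r"^\s*SA=\((.*)\)\s*$")
VID_RE = re.compile(r"^\s*VID=([0-9a-f]+)(?: \((.*)\))?")

def parse_ike_scan(text):
    """Return {host, mode, sa: {attr: value}, vids: [(hex, label)]} for the first responder."""
    result = {"host": None, "mode": None, "sa": {}, "vids": []}
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            result["host"], result["mode"] = m.group(1), m.group(2)
        elif m := SA_RE.match(line):
            # SA=(...) holds space-separated attr=value tokens, e.g. Group=5:modp1536
            for tok in m.group(1).split():
                key, _, val = tok.partition("=")
                result["sa"][key] = val
        elif m := VID_RE.match(line):
            result["vids"].append((m.group(1), m.group(2) or ""))
    return result

def assess(result):
    """Flag proposal parameters worth raising with whoever owns the gateway."""
    sa, findings = result["sa"], []
    if result["mode"] == "Aggressive" and sa.get("Auth") == "PSK":
        findings.append("aggressive mode + PSK: HASH_R travels unencrypted, prefer main mode")
    if sa.get("Enc") == "3DES":
        findings.append("3DES: 64-bit block cipher, prefer AES")
    if sa.get("Hash") == "SHA1":
        findings.append("SHA1 integrity: prefer SHA2")
    if sa.get("Group", "").startswith("5:"):
        findings.append("DH group 5 (1536-bit MODP): prefer group 14+ or an ECP group")
    if any(label == "XAUTH" for _, label in result["vids"]):
        findings.append("XAUTH advertised: user credentials back the PSK, check lockout/MFA")
    return findings
```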
