On Tue, 15 Mar 2022, 1one.w01f wrote:
Thank you very much for the suggestion. Unfortunately the client doesn't have
options for choosing the
algorithms. I then added
ike=3des-md5;modp1536,3des-sha1;modp1536,aes-sha1;modp1536,aes-md5;modp1536
Only use ike=3des-md5;modp1536 as that is the only proposal they are
sending you. Aggressive mode is a bit tricky in you needing to get it
all exactly right. If that by itself does not work, try adding pfs=no
If you can see logs of the fortinet device that would be best, it might
tell you what it does not like.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
