Hi everyone,
Just had remote with Rafael. Based on the debug, I'm 100% positive it has to be something with the enc. settings that's mismatched. @LM-Rafael, I just opened the link I found for Fritzbox, can you ensure phase 1 on CP side is showing DH group 2, since I don't believe it works with DH group 14.
For phase 2, you can also use group 2, but then PFS needs to be on.
Andy
RS details:
- remote with Rafael
- tunnel is down at the moment
- verified config file from the Fritzbox device, seems correct
- phase 1 and phase 2 settings from Fritzbox config file
- sharing is per subnet only
- enc settings: AES-256, SHA-512 and DH group 14
- verified the rule as well, both subnets in src/dst and correct community under VPN column -> accept
- installed the policy
- checked tunnel status
- on Fritzbox, we just see status of the tunnel as unknown
- checked CP side via vpn tunnel
- ran debug on CP side -> fw ctl zdebug + drop | grep peer_IP
- debug -> clear text packet should be encrypted
- DPD is disabled on peer side, so we also disabled it on CP side, along with NAT within VPN community
- disabled PFS, since it's not supported on Fritzbox end
- tested again -> same issue
- Rafael will confirm phase 1 and 2 settings on Fritzbox side
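As an added triage helper (editor's example, not part of Andy's post and not Check Point tooling), the Python below parses drop lines of the kind `fw ctl zdebug + drop | grep peer_IP` produces, separates drops that involve the peer gateway from drops on traffic between the two encryption-domain subnets, and counts them per module and reason so the dominant failure ("clear text packet should be encrypted" in this case) stands out. The sample lines, their exact field layout, the module names and the peer/subnet addresses are all constructed assumptions for the example.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of "fw ctl zdebug + drop" output for this example. The line
# layout and module names are assumptions modelled on Check Point drop logging,
# not a capture from the remote session; the reason on the first two lines is
# the one the session notes report. Addresses are hypothetical.
SAMPLE_ZDEBUG = """\
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=1 192.168.10.5:8 -> 10.20.0.7:0 dropped by vpn_encrypt_chain Reason: clear text packet should be encrypted;
;[cpu_1];[fw4_1];fw_log_drop_ex: Packet proto=6 192.168.10.5:51422 -> 10.20.0.7:443 dropped by vpn_encrypt_chain Reason: clear text packet should be encrypted;
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=17 203.0.113.9:500 -> 198.51.100.4:500 dropped by fw_handle_first_packet Reason: Rulebase drop;
;[cpu_1];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.3.3:40000 -> 10.20.0.7:22 dropped by fw_handle_first_packet Reason: Rulebase drop;
"""

# Pulls the 5-tuple, dropping module and reason out of one drop line.
DROP_RE = re.compile(
    r"Packet proto=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) dropped by (?P<module>\S+) "
    r"Reason: (?P<reason>[^;]+)"
)


@dataclass(frozen=True)
class Drop:
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    module: str
    reason: str


def parse_drops(text):
    """Parse every line that matches the drop layout; ignore everything else."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            drops.append(Drop(int(m["proto"]), m["src"], int(m["sport"]),
                              m["dst"], int(m["dport"]), m["module"],
                              m["reason"].strip()))
    return drops


def drops_involving(drops, peer_ip):
    """Same selection as `grep peer_IP`: the peer gateway is source or destination."""
    return [d for d in drops if peer_ip in (d.src, d.dst)]


def drops_between_domains(drops, local_net, remote_net):
    """Drops on traffic between the two encryption-domain subnets, either direction.
    These are the packets the VPN rule (src/dst subnets, community, accept)
    should be encrypting rather than dropping."""
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)

    def in_net(ip, net):
        return ipaddress.ip_address(ip) in net

    return [d for d in drops
            if (in_net(d.src, local) and in_net(d.dst, remote))
            or (in_net(d.src, remote) and in_net(d.dst, local))]


def summarize(drops):
    """Count drops per (module, reason) so the dominant failure stands out."""
    return Counter((d.module, d.reason) for d in drops)


if __name__ == "__main__":
    all_drops = parse_drops(SAMPLE_ZDEBUG)
    # Hypothetical peer gateway and encryption-domain subnets.
    domain = drops_between_domains(all_drops, "192.168.10.0/24", "10.20.0.0/24")
    print("drops involving peer 203.0.113.9:", len(drops_involving(all_drops, "203.0.113.9")))
    for (module, reason), n in summarize(domain).most_common():
        print(f"{n:4d}  {module}  {reason}")
```

A high count of "clear text packet should be encrypted" on inter-domain traffic, with nothing reaching the peer, is consistent with the tunnel never coming up, which is why the notes go back to the phase 1 and phase 2 proposals rather than the rulebase.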