Wrong ipsec.conf #2677

Closed
ccesario opened this issue Aug 29, 2018 · 6 comments
Labels
support Community support

Comments

@ccesario

ccesario commented Aug 29, 2018

After debugging my problem reported in the forum - https://forum.opnsense.org/index.php?topic=9552.msg43423 - I fixed it manually and could verify that ipsec.conf is written wrong (well, even my tests :) )

1 - First problem
In the Phase 1 proposal (Authentication) screen, in the My identifier field, I should manually define my IP address as the identifier. If I choose My IP address, the ipsec.conf file is generated without the `leftid` option.

2 - Second problem
In the Phase 2 proposal (SA/Key Exchange) screen, when the ESP protocol and MD5 Encryption algorithm are chosen, the ipsec.conf file is generated with `esp = 3des-md5!`. But I think the correct one is `esp = 3des-md5-modp1024!`, because after changing it manually, the VPN works as expected.

My env
OPNsense 18.7.1_3-amd64
FreeBSD 11.1-RELEASE-p12
OpenSSL 1.0.2o 27 Mar 2018

@AdSchellevis
Member

Hi,

First question is, was the leftid empty or missing and if it was missing, how did the rest of the connection look?

The other issue looks like "DH key group" is set to off.

@AdSchellevis AdSchellevis added the support Community support label Aug 29, 2018
@ccesario
Author

Hi @AdSchellevis.

The leftid was missing; the rest of the config was OK. You can check the config file in my forum post. I posted all the details there.

And "DH key group" is set, as you can see in my screenshot configs.

Best regards

Carlos

@AdSchellevis
Member

Hi Carlo,

It's better to keep the issue complete in GitHub; when not logged in to the forum, the attachments aren't visible. Chances are bigger that anyone provides feedback when the case is thoroughly documented and easy to reproduce.

The second issue looks like a configuration issue on your end like I said, just select 2 (1024 bits) and your issue should be fixed.

Best regards,

Ad

@ccesario
Author

ccesario commented Sep 7, 2018

Hi @AdSchellevis,
I tried to reproduce it in 18.7.2 and it is working as expected.

@AdSchellevis
Member

@ccesario close?

@ccesario
Author

ccesario commented Sep 7, 2018

Fixed in 18.7.2

@ccesario ccesario closed this as completed Sep 7, 2018
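
A small linter for the two symptoms reported in this issue, as an added example that is not OPNsense or strongSwan code: it flags `conn` sections generated without `leftid` and `esp` proposals that carry no DH group. The sample configuration, its addresses and connection names, and the DH keyword pattern are constructed assumptions.

```python
import re

# Constructed sample in ipsec.conf syntax (not the reporter's real file).
SAMPLE_CONF = """\
config setup
    uniqueids = yes

conn con1
    left = 192.0.2.10
    right = 198.51.100.20
    esp = 3des-md5!
    auto = start

conn con2
    left = 192.0.2.10
    leftid = 192.0.2.10
    right = 203.0.113.30
    esp = 3des-md5-modp1024!
    auto = start
"""

# Assumed pattern for DH group tokens in a proposal (modp1024, ecp256, curve25519, ...).
DH_TOKEN = re.compile(r"^(modp|ecp|curve|x)\d+", re.I)

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(text):
    """List (conn, finding) pairs for the two conditions discussed in the issue."""
    findings = []
    for name, opts in parse_conns(text).items():
        if "leftid" not in opts:
            findings.append((name, "leftid missing"))
        for proposal in opts.get("esp", "").rstrip("!").split(","):
            proposal = proposal.strip()
            if proposal and not any(DH_TOKEN.match(t) for t in proposal.split("-")):
                findings.append((name, f"esp proposal '{proposal}' has no DH group"))
    return findings
```

Running `lint()` on the generated file before and after changing the "DH key group" setting in the GUI shows whether the Phase 2 proposal picked up the group.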