I believe I have successfully configured a VPN profile on Windows 10 to use Perfect Forward Secrecy with my UTM. The setting is configured on both sides and the connection allows traffic. Is there any way for me to confirm that PFS is in fact being used? Maybe a certain type of logging needs to be enabled and/or I just need to look for a specific event in the logs.
Hi and welcome to the UTM Community!
If PFS is enabled in the 'L2TP-over-IPsec' IPsec policy, PFS is being used.
I think that if you see no log messages where "we require PFS" appears, that's your confirmation.
On the side that initiates the connection, the IPsec log will have lines that include something like initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP.
Cheers - Bob
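A small checker for the two log markers Bob mentions, added here as an example (it is not from the original thread or from Sophos); the line layout around those markers and the sample lines are constructed, and the counting rule is an assumption.

```python
import re
from typing import Dict, Iterable

# Markers quoted in the reply above. Everything else in the sample lines
# below is constructed for this example, not UTM's exact log format.
PFS_REQUIRED_RE = re.compile(r"we require PFS")
QUICK_MODE_RE = re.compile(r"initiating Quick Mode ([A-Z0-9+]+)")


def pfs_status(log_lines: Iterable[str]) -> Dict[str, object]:
    """Scan IPsec log lines and report whether PFS was negotiated.

    Counts Quick Mode initiations with and without the +PFS flag and the
    'we require PFS' rejections. PFS is reported as confirmed only when at
    least one Quick Mode proposal carried +PFS, none lacked it, and no
    rejection was logged (assumed rule, not a UTM definition).
    """
    with_pfs = without_pfs = rejections = 0
    for line in log_lines:
        if PFS_REQUIRED_RE.search(line):
            rejections += 1
            continue
        m = QUICK_MODE_RE.search(line)
        if m:
            flags = m.group(1).split("+")
            if "PFS" in flags:
                with_pfs += 1
            else:
                without_pfs += 1
    return {
        "quick_mode_with_pfs": with_pfs,
        "quick_mode_without_pfs": without_pfs,
        "pfs_rejections": rejections,
        "pfs_confirmed": with_pfs > 0 and without_pfs == 0 and rejections == 0,
    }


# Constructed sample log lines (not captured from a real UTM).
SAMPLE_LOG = [
    'pluto: "L2TP-over-IPsec"[1] 203.0.113.5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP',
]
SAMPLE_LOG_NO_PFS = [
    'pluto: "L2TP-over-IPsec"[1] 203.0.113.5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP',
    'pluto: "L2TP-over-IPsec"[1] 203.0.113.5: we require PFS (constructed rejection line)',
]

if __name__ == "__main__":
    print(pfs_status(SAMPLE_LOG))
    print(pfs_status(SAMPLE_LOG_NO_PFS))
```

Feed it the initiating side's IPsec log (`pfs_status(open(path))`) and a `pfs_confirmed` of True is the confirmation the question asks for.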