actunderdc
New Contributor II

Ipsec connection in linux mint with strongswan

Hi all,

 

I am able to connect to a Fortinet VPN server from Windows 10 using Fortinet Client v6.0.9.0277. My configuration is displayed in the following 2 pictures:

 

forti_1.png


forti_2.png

But from Linux Mint, using strongSwan, I am unable to connect. Here is my configuration:

 

# ipsec.conf - strongSwan IPsec configuration file
conn FortinetVPN
    keyexchange=ikev1
    aggressive=yes
    authby=secret
    left=%defaultroute
    leftauth=psk
    leftid=My_User_name
    right=VPN_IP_HERE
    rightauth=psk
    rightid=%any
    rightsubnet=0.0.0.0/0
    ike=aes256-sha256-modp1536,aes128-sha1-modp1536!
    esp=aes256-sha1-modp1536,aes128-sha1-modp1536!
    dpdaction=clear
    dpddelay=30s
    dpdtimeout=150s
    ikelifetime=86400s
    lifetime=43200s
    keylife=43200s
    rekeymargin=3m
    keyingtries=1
    auto=add
    type=tunnel
    replay_window=32
    mobike=no
    forceencaps=yes

 

 

 

#ipsec.secrets

My_User_name : PSK "My_Preshared_key"
My_User_name : XAUTH "My_Password"

 

 

The output I am getting is:

 

sudo ipsec up FortinetVPN 
initiating Aggressive Mode IKE_SA FortinetVPN[1] to VPN_IP_HERE
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15[500] to VPN_IP_HERE[500] (475 bytes)
received packet: from VPN_IP_HERE[500] to 10.0.2.15[500] (540 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
IKE_SA FortinetVPN[1] established between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
scheduling reauthentication in 86166s
maximum IKE_SA lifetime 86346s
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (140 bytes)
generating QUICK_MODE request 1993355718 [ HASH SA No KE ID ID ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (428 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
queueing TRANSACTION request as tasks still active
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (108 bytes)
parsed INFORMATIONAL_V1 request 1651800496 [ HASH D ]
received DELETE for IKE_SA FortinetVPN[1]
deleting IKE_SA FortinetVPN[1] between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
establishing connection 'FortinetVPN' failed

 

 

I suppose that I am doing something wrong in the config file, but I am unable to figure out what.

Any help would be highly appreciated. Thank you very much!

1 Solution
strongX509

Have you tried rightsubnet=172.28.2.0/24 or whatever the subnet mask is?


19 REPLIES
AEK
SuperUser
strongX509
New Contributor III

Add leftauth2=xauth to ipsec.conf.

actunderdc
New Contributor II

@AEK, unfortunately I don't have access to the server side :(

@strongX509, thank you! I made some progress with your suggestion!

Now, Microsoft Authenticator is providing me a pop up to approve the connection. However, although I approve it, the connection fails (and blocks my account due to repeated logins). Here is the new log:

 

initiating Aggressive Mode IKE_SA FortinetVPN[1] to VPN_IP_HERE
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15[500] to VPN_IP_HERE[500] (475 bytes)
received packet: from VPN_IP_HERE[500] to 10.0.2.15[500] (540 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (140 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 3430233041 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 3430233041 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (108 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 1880015101 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'My_User_name' (myself) successful
IKE_SA FortinetVPN[1] established between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
scheduling reauthentication in 86049s
maximum IKE_SA lifetime 86229s
generating TRANSACTION response 1880015101 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
generating QUICK_MODE request 1374538424 [ HASH SA No KE ID ID ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (428 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (108 bytes)
parsed INFORMATIONAL_V1 request 1850655511 [ HASH D ]
received DELETE for IKE_SA FortinetVPN[1]
deleting IKE_SA FortinetVPN[1] between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
initiating Aggressive Mode IKE_SA FortinetVPN[2] to VPN_IP_HERE
establishing connection 'FortinetVPN' failed


From now on I have no clue; I suppose it has to do with the 2-factor authentication. The Windows Fortinet client "knows how to wait" until I approve the connection.

strongX509

I see that in your Windows 10 FortiClient configuration, "Mode Config" is enabled. Does the VPN client request a virtual IP address from the VPN server to be used within the tunnel? If yes, then in ipsec.conf add the line leftsourceip=%config in order to request an IP address via Mode Config.

actunderdc
New Contributor II

Hello @strongX509 ,

Indeed, the Windows 10 VPN client requests a virtual IP address to be used in the tunnel.

Here is how it looks:

 

C:\Users\User>ipconfig /all

Windows IP Configuration

...

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : internal.company.com
   Description . . . . . . . . . . . : Fortinet Virtual Ethernet Adapter (NDIS 6.30)
   Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1665:5d42:d1c9:1f39%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.166.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 27, 2024 10:37:17
   Lease Expires . . . . . . . . . . : Friday, April 4, 2160 17:10:18
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.166.21
   DHCPv6 IAID . . . . . . . . . . . : 100665615
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-F8-AD-E6-48-9E-BD-32-6B-C0
   DNS Servers . . . . . . . . . . . : 172.28.2.111
                                       172.28.2.111
   NetBIOS over Tcpip. . . . . . . . : Enabled

...

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Fortinet SSL VPN Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-09-0F-AA-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

 

Thank you so much! Adding that line solved the connection issue, now it gets established:

 

initiating Aggressive Mode IKE_SA FortinetVPN[2] to VPN_IP_HERE
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15[500] to VPN_IP_HERE[500] (475 bytes)
received packet: from VPN_IP_HERE[500] to 10.0.2.15[500] (540 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (140 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 2940994650 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 2940994650 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (108 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 2519549645 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'My_User_name' (myself) successful
IKE_SA FortinetVPN[2] established between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
scheduling reauthentication in 86049s
maximum IKE_SA lifetime 86229s
generating TRANSACTION response 2519549645 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
generating TRANSACTION request 4259852066 [ HASH CPRQ(ADDR DNS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (108 bytes)
parsed TRANSACTION response 4259852066 [ HASH CPRP(ADDR DNS DNS) ]
adding DNS server failed
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing new virtual IP 192.168.166.20
generating QUICK_MODE request 4081831805 [ HASH SA No KE ID ID ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (428 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (380 bytes)
parsed QUICK_MODE response 4081831805 [ HASH SA No KE ID ID ]
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
CHILD_SA FortinetVPN{2} established with SPIs c60494e6_i acf989b7_o and TS 192.168.166.20/32 === 0.0.0.0/0
generating QUICK_MODE request 4081831805 [ HASH ]
connection 'FortinetVPN' established successfully
user@Machine:~$ sudo ipsec status FortinetVPN
Security Associations (1 up, 0 connecting):
 FortinetVPN[2]: ESTABLISHED 10 minutes ago, 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
 FortinetVPN{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c60494e6_i acf989b7_o
 FortinetVPN{2}:   192.168.166.20/32 === 0.0.0.0/0

 

My question/problem now: The internet no longer works on my Linux machine as long as I have the VPN up. I can ping only internal IPs (but not access them via DNS). Anything from the outside cannot be reached or pinged.

The DNS servers do not seem to be set on Linux.

strongX509

Check with the command ipsec statusall if the resolve plugin, which is responsible for inserting the DNS servers received via Mode Config in /etc/resolv.conf, is present in the list of loaded plugins:

 

  loaded plugins: charon random ... resolve ...

 

 

strongX509

With the ipsec.conf setting rightsubnet=0.0.0.0/0 you are tunneling all Internet traffic to the VPN server so the traffic might get stuck there somehow due to routing or NAT-ing.

actunderdc
New Contributor II

@strongX509, you are right regarding the subnet. Thank you for your suggestion! Our VPN is used only for internal addresses. I removed the rightsubnet setting and now I can access external websites. However, it still fails to access internal DNS addresses; even the connect log says that. The resolve plugin seems to be loaded, I checked as you suggested. See the log below, where I get messages such as:

 

adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed

...

loaded plugins: charon ... resolve

 

user@Machine:~$ sudo ipsec up FortinetVPN 
initiating Aggressive Mode IKE_SA FortinetVPN[1] to VPN_IP_HERE
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15[500] to VPN_IP_HERE[500] (475 bytes)
received packet: from VPN_IP_HERE[500] to 10.0.2.15[500] (540 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (140 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 2213304427 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 2213304427 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (108 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 4119683017 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'My_User_name' (myself) successful
IKE_SA FortinetVPN[1] established between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
scheduling reauthentication in 86123s
maximum IKE_SA lifetime 86303s
generating TRANSACTION response 4119683017 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
generating TRANSACTION request 1821253017 [ HASH CPRQ(ADDR DNS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (108 bytes)
parsed TRANSACTION response 1821253017 [ HASH CPRP(ADDR DNS DNS) ]
adding DNS server failed
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
adding DNS server failed
handling INTERNAL_IP4_DNS attribute failed
installing new virtual IP 192.168.166.4
generating QUICK_MODE request 3418080153 [ HASH SA No KE ID ID ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (412 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (364 bytes)
parsed QUICK_MODE response 3418080153 [ HASH SA No KE ID ID ]
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
CHILD_SA FortinetVPN{1} established with SPIs c298834a_i acf98b43_o and TS 192.168.166.4/32 === VPN_IP_HERE/32
generating QUICK_MODE request 3418080153 [ HASH ]
connection 'FortinetVPN' established successfully
user@Machine:~$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-97-generic, x86_64):
  uptime: 3 minutes, since Feb 27 15:28:42 2024
  malloc: sbrk 3076096, mmap 0, used 1393184, free 1682912
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
  loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
  10.0.2.15
Connections:
 FortinetVPN:  %any...VPN_IP_HERE  IKEv1 Aggressive, dpddelay=30s
 FortinetVPN:   local:  [My_User_name] uses pre-shared key authentication
 FortinetVPN:   local:  [My_User_name] uses XAuth authentication: any
 FortinetVPN:   remote: uses pre-shared key authentication
 FortinetVPN:   child:  dynamic === dynamic TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
 FortinetVPN[1]: ESTABLISHED 3 minutes ago, 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
 FortinetVPN[1]: IKEv1 SPIs: 5cf2c9e9c58e5d5b_i* b083dddf32d19854_r, pre-shared key+XAuth reauthentication in 23 hours
 FortinetVPN[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
 FortinetVPN{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c298834a_i acf98b43_o
 FortinetVPN{1}:  AES_CBC_256/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 11 hours
 FortinetVPN{1}:   192.168.166.4/32 === VPN_IP_HERE/32

 

actunderdc
New Contributor II

Update: it seems that I did not have the resolvconf package on my Linux system. After installing it, I no longer have those warnings related to DNS in my connection log:

 

user@Machine:~$ sudo ipsec up FortinetVPN
initiating Aggressive Mode IKE_SA FortinetVPN[1] to VPN_IP_HERE
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15[500] to VPN_IP_HERE[500] (475 bytes)
received packet: from VPN_IP_HERE[500] to 10.0.2.15[500] (540 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (140 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 2243083556 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 2243083556 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (108 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (92 bytes)
parsed TRANSACTION request 2838158151 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'My_User_name' (myself) successful
IKE_SA FortinetVPN[1] established between 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]
scheduling reauthentication in 86120s
maximum IKE_SA lifetime 86300s
generating TRANSACTION response 2838158151 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
generating TRANSACTION request 232585815 [ HASH CPRQ(ADDR DNS) ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (92 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (108 bytes)
parsed TRANSACTION response 232585815 [ HASH CPRP(ADDR DNS DNS) ]
installing DNS server 172.28.2.111 via resolvconf
DNS server 172.28.2.111 already installed, increasing refcount
installing new virtual IP 192.168.166.4
generating QUICK_MODE request 4210871032 [ HASH SA No KE ID ID ]
sending packet: from 10.0.2.15[4500] to VPN_IP_HERE[4500] (412 bytes)
received packet: from VPN_IP_HERE[4500] to 10.0.2.15[4500] (364 bytes)
parsed QUICK_MODE response 4210871032 [ HASH SA No KE ID ID ]
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
CHILD_SA FortinetVPN{1} established with SPIs cc656926_i acf98b6c_o and TS 192.168.166.4/32 === VPN_IP_HERE/32
connection 'FortinetVPN' established successfully

 

Now I also seem to have the DNS server installed, but pinging or accessing via browser internal addresses still does not work:

 

user@Machine:~$ ping something.internal.company.com
ping: something.internal.company.com: Name or service not known

 

 

resolv.conf:

 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 172.28.2.111
nameserver 127.0.0.53
options edns0 trust-ad

 

I feel that I am getting very close to a final working VPN tunnel, but something little seems to be still missing.

Thank you very much for the help so far!
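
The failure stages in the `ipsec up` transcripts of this thread, mapped to the setting each one points at, as an added example that is not part of any post. The `triage` function and its hint labels are hypothetical, the sample lines are short excerpts constructed from the logs above, and the "gateway-only" hint relies on strongSwan treating an omitted rightsubnet as right/32.

```python
import re

# Hypothetical hint labels -> the change suggested (or reported) in the thread.
ADVICE = {
    "xauth-missing": "peer started XAuth but the client went to Quick Mode: add leftauth2=xauth",
    "modecfg-missing": "XAuth passed but no virtual IP was requested: add leftsourceip=%config",
    "dns-not-installed": "Mode Config DNS could not be written: install resolvconf",
    "full-tunnel": "remote TS is 0.0.0.0/0, all traffic enters the tunnel: narrow rightsubnet",
    "gateway-only": "remote TS is only the gateway /32: set rightsubnet to the internal subnet",
}

def triage(log):
    """Return the ADVICE keys that apply to one `ipsec up` transcript."""
    hints = []
    deleted = "received DELETE for IKE_SA" in log
    xauth_ok = re.search(r"XAuth authentication of .+ successful", log) is not None
    asked_ip = "CPRQ(ADDR" in log  # client sent a Mode Config address request
    if deleted and not xauth_ok and "queueing TRANSACTION request" in log:
        hints.append("xauth-missing")
    elif deleted and xauth_ok and not asked_ip:
        hints.append("modecfg-missing")
    if "adding DNS server failed" in log:
        hints.append("dns-not-installed")
    # Compare the negotiated remote traffic selector with the peer address.
    peer = re.search(r"established between \S+\.\.\.([^\[\s]+)\[", log)
    ts = re.search(r" TS \S+ === (\S+)", log)
    if ts:
        if ts.group(1) == "0.0.0.0/0":
            hints.append("full-tunnel")
        elif peer and ts.group(1) == peer.group(1) + "/32":
            hints.append("gateway-only")
    return hints

# Constructed excerpts of the four transcripts posted above, in thread order.
SAMPLES = {
    "first": "generating QUICK_MODE request 1993355718 [ HASH SA No KE ID ID ]\n"
             "queueing TRANSACTION request as tasks still active\n"
             "received DELETE for IKE_SA FortinetVPN[1]\n",
    "after_xauth": "XAuth authentication of 'My_User_name' (myself) successful\n"
                   "generating QUICK_MODE request 1374538424 [ HASH SA No KE ID ID ]\n"
                   "received DELETE for IKE_SA FortinetVPN[1]\n",
    "after_modecfg": "parsed TRANSACTION response 4259852066 [ HASH CPRP(ADDR DNS DNS) ]\n"
                     "adding DNS server failed\n"
                     "CHILD_SA FortinetVPN{2} established with SPIs c60494e6_i acf989b7_o"
                     " and TS 192.168.166.20/32 === 0.0.0.0/0\n",
    "last": "IKE_SA FortinetVPN[1] established between"
            " 10.0.2.15[My_User_name]...VPN_IP_HERE[VPN_IP_HERE]\n"
            "installing DNS server 172.28.2.111 via resolvconf\n"
            "CHILD_SA FortinetVPN{1} established with SPIs cc656926_i acf98b6c_o"
            " and TS 192.168.166.4/32 === VPN_IP_HERE/32\n",
}

if __name__ == "__main__":
    for name, log in SAMPLES.items():
        for hint in triage(log) or ["no-hint"]:
            print(f"{name}: {hint}: {ADVICE.get(hint, 'nothing matched')}")
```

On the last transcript the only hint left is the /32 traffic selector, which is what the accepted answer's rightsubnet=172.28.2.0/24 suggestion addresses.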
