Netgate Discussion Forum

    IPSec not working after upgrade to 2.2.2

      covex

      I upgraded 7 Soekris 6501 boxes over the last weekend from 2.1.x to 2.2.2. At first everything looked OK, but then I started to get this warning:

      "there were errors loading the rule: pfctl: DIOCADDRULE: operation not supported by device - The line in question reads 0:"

      So I restarted one of the boxes and lost IPSec tunnel between this box and my HO (2.2.2 also). I checked all settings on both ends and they look OK, also IPSec status says "established" but I can't ping or connect to anything from HO into that network.
      They can sporadically RDP into servers at HO but can't print to the local printers.

      Also, the system log shows numerous "init: _secure_path: /etc/login.conf is not owned by root" or "login: _secure_path: /etc/login.conf is not owned by root" messages. Not sure if it's related.

      My home alix box was upgraded to 2.2.2 and has no problems with IPSec'ing to HO.

      upd: other 2 tunnels from this soekris box to other soekris boxes are working fine (all 2.2.2). wth :/

        cmb

        Two or three things there I'd like to look into. The "operation not supported by device" with no accompanying details is odd. The IPsec issue looks like an outstanding edge case that we haven't been able to replicate. If you can get me direct or indirect (gotomeeting, similar) access to the system I'd like to check it out. PM me and we can work out details.

          covex

          sent…

            jasonr

            I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.  Upgrade messed it all up.

            It stopped all the messages in sys log.

              cmb

              @jasonr:

              I had to chown -R root:wheel /etc/ in the GUI to get ssh and console to work.  Upgrade messed it all up.

              I found the source of that issue looking at covex's system. I just fixed that issue, or worked around it at least, by re-issuing the full update files again with "chown -R root:wheel *" of what's within them (when they were re-packed they lost that, which shouldn't matter, but mtree is failing after upgrade from any pre-FreeBSD 10.x base version). We're looking into a proper long-term fix now, but that shouldn't happen upon upgrade to 2.2.2 from 2.1x and earlier versions anymore.

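The packaging fault discussed in this thread (update files re-packed without root:wheel ownership, leaving /etc/login.conf "not owned by root") can be caught before release by reading the ownership recorded in the archive itself. This is an added example, not pfSense or Netgate code and not part of any post above; the function names, the `etc/` prefix, the `builder` account and the sample tarball are constructed, and uid 0 / gid 0 is assumed for root:wheel on FreeBSD.

```python
import io
import tarfile

ROOT_UID, WHEEL_GID = 0, 0  # root:wheel on FreeBSD (assumed target platform)


def audit_archive_ownership(fileobj, prefix="etc/"):
    """List members under `prefix` whose recorded owner is not root:wheel."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = m.name[2:] if m.name.startswith("./") else m.name
            if not name.startswith(prefix):
                continue
            # tar implementations commonly restore by the stored symbolic
            # name when one is present, so check ids and uname/gname both.
            bad_ids = m.uid != ROOT_UID or m.gid != WHEEL_GID
            bad_names = m.uname not in ("", "root") or m.gname not in ("", "wheel")
            if bad_ids or bad_names:
                findings.append((name, m.uid, m.gid, m.uname, m.gname))
    return findings


def build_sample(entries):
    """Build a constructed in-memory tarball standing in for an update file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, gid, uname, gname in entries:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.uid, info.gid, info.uname, info.gname = uid, gid, uname, gname
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed sample: "builder" (uid 1001) is a hypothetical packaging account.
SAMPLE = [
    ("./etc/login.conf", 1001, 1001, "builder", "builder"),
    ("./etc/ssh/sshd_config", 0, 0, "root", "wheel"),
    ("./etc/passwd", 0, 0, "builder", "wheel"),
    ("./usr/local/www/index.php", 1001, 1001, "builder", "builder"),
]

if __name__ == "__main__":
    for name, uid, gid, uname, gname in audit_archive_ownership(build_sample(SAMPLE)):
        print(f"{name}: uid={uid} gid={gid} uname={uname!r} gname={gname!r}")
```

Passing `prefix=""` audits every member of the archive rather than only the files under `etc/`.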