Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Are there any known issues with ipsec and 2.3.2?

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      dzeanah
      last edited by

      Stripped out unnecessary details.

      I'm configuring an 8860 that I'm going to place in my datacenter to replace an older unit, and I've got a 2440 here at my home office.  I'd like to tie these together using site-to-site IPSec the way I've been doing for years, only changing to algorithms that support AES-NI.

      Is IPSec something that still works as expected?  I only ask because I upgraded the 2440 from 2.2.6 to 2.3.2 today and the VPN to my 2.2.6 machine at the datacenter dropped.  Searches related to that suggested that lots of folks have been having that issue.

      So, is IPSec good to go between two boxes running 2.3.2?

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        Not really. Sometimes upgrades tickle misconfigurations that should not have worked before and later code fails as expected with the misconfigured parameters.

        Without any details as to what actually "broke" after upgrading, it's really anyone's guess. IPsec logs on the initiating side generally say what is wrong.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • D Offline
          dzeanah
          last edited by

          You know, as long as IPSec still works I'll just recreate everything from scratch.  The old one has been running since at least 1.2.3 so I wouldn't be at all surprised if some incompatibility finally crept in.  I'm not even going to worry with diagnosing it.

          Thanks for the reply.  :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.