Are there any known issues with ipsec and 2.3.2?

  • Stripped out unnecessary details.

    I'm configuring an 8860 that I'm going to place in my datacenter to replace an older unit, and I've got a 2440 here at my home office.  I'd like to tie these together using site-to-site IPSec the way I've been doing for years, only changing to algorithms that support AES-NI.

    Is IPSec something that still works as expected?  I only ask because I upgraded the 2440 from 2.2.6 to 2.3.2 today and the VPN to my 2.2.6 machine at the datacenter dropped.  Searches related to that suggested that lots of folks have been having that issue.

    So, is IPSec good to go between two boxes running 2.3.2?

  • LAYER 8 Netgate

    Not really. Sometimes upgrades tickle misconfigurations that should not have worked before and later code fails as expected with the misconfigured parameters.

    Without any details as to what actually "broke" after upgrading, it's really anyone's guess. IPsec logs on the initiating side generally say what is wrong.

  • You know, as long as IPSec still works I'll just recreate everything from scratch.  The old one has been running since at least 1.2.3 so I wouldn't be at all surprised if some incompatibility finally crept in.  I'm not even going to worry with diagnosing it.

    Thanks for the reply.  :)
