21.02/2.5 <-> 21.02/2.5 IPSEC Fails quickly
-
I have noticed that when doing IPSEC between the two new flavors, after about 5 minutes, the VTI interfaces can't ping each other and traffic will not pass. This configuration worked perfectly in 2.4.5. It's not a hardware issue because the same hardware connected to a 2.4.5 peer is also rock solid. Anyone else notice this or have a fix? Tried several patches, to no avail. Logs below of what happens once it fails.
2/28/2021 20:54 charon 58090 15[NET] <con3000|4> sending packet: from xx.xx.x.xx[500] to xx.xxx.xx.xxx[500] (80 bytes)
2/28/2021 20:54 charon 58090 15[KNL] <con3000|4> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 in failed, not found
2/28/2021 20:54 charon 58090 07[KNL] <con3000|4> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 in failed, not found
2/28/2021 20:54 charon 58090 07[KNL] <con3000|4> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 out failed, not found
2/28/2021 20:54 charon 58090 07[KNL] <con3000|4> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 in failed, not found
2/28/2021 20:54 charon 58090 07[KNL] <con3000|4> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 out failed, not found
-
Is it possible to get a sticky with all of the patches for ipsec on 2.5? Considering the widespread number of issues and multiple places you find different patches?
-
Can't vouch for it but I did notice someone posted a URL to a blog with several.
-
Here are the ones from the post I believe you are thinking of. Just would hate to miss one, because they're all over the place.
ead6515637a34ce6e170e2d2b0802e4fa1e63a00 #11435
57beb9ad8ca11703778fc483c7cba0f6770657ac #11435
10eb04259fd139c62e08df8de877b71fdd0eedc8 #11442
ded7970ba57a99767e08243103e55d8a58edfc35 #11486
afffe759c4fd19fe6b8311196f4b6d5e288ea4fb #11487
2fe5cc52bd881ed26723a81e0eed848fd505fba6 #11488
f731957f945af90d6a75f0e33f91a440a6a55736 #11526