Netgate Discussion Forum

    IPSEC tunnels after 23.01 - advice

      jonathanp123

      After spending a long night troubleshooting our IPSEC tunnels: we had ICMP going through but no voice traffic going through after upgrading from 22.05 to 23.01. Here are the key takeaways to get back online.

      So it appears the 2 significant changes that needed to be made to get all tunnels back online were:

      All migrated VTI tunnels needed static routes to be updated from WANGW to VTI interface. This didn’t come through on the migration.

      Also all the P1 tunnels with dual WAN and/or “virtual IP” appear to require the “My identifier” and “Peer identifier” to be set with “IP address” instead of the “My IP address” or “Peer IP address”.

      Here’s the change that appears to fix the tunnels:
      P1 Tunnel original: (screenshot: 3a5c87b2-d024-4ceb-86ef-3441ba6d3c15-image.png)

      P1 Tunnel working: (screenshot: eb7d47de-02fc-4f36-b2c0-26a7a1283fe4-image.png)

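An added example, not part of the original post and not Netgate code: a Python check over a config.xml backup that lists static routes whose gateway is not on a VTI (ipsec*) interface and P1 entries still using the “My IP address” / “Peer IP address” identifier types. The element names, the values `myaddress` and `peeraddress`, and the `audit` helper are assumptions about the config.xml layout, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. Element names are assumed (see lead-in).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>igb0</if></wan>
    <opt1><if>ipsec1</if></opt1>
  </interfaces>
  <gateways>
    <gateway_item><interface>wan</interface><name>WANGW</name></gateway_item>
    <gateway_item><interface>opt1</interface><name>VTI_B_GW</name></gateway_item>
  </gateways>
  <staticroutes>
    <route><network>10.20.0.0/16</network><gateway>WANGW</gateway></route>
    <route><network>10.30.0.0/16</network><gateway>VTI_B_GW</gateway></route>
  </staticroutes>
  <ipsec>
    <phase1><ikeid>1</ikeid><myid_type>myaddress</myid_type>
      <peerid_type>peeraddress</peerid_type></phase1>
    <phase1><ikeid>2</ikeid><myid_type>address</myid_type>
      <peerid_type>address</peerid_type></phase1>
  </ipsec>
</pfsense>"""

def audit(xml_text):
    """Return (kind, id, detail) tuples for settings to review after the upgrade."""
    root = ET.fromstring(xml_text)
    findings = []
    # Resolve each gateway name to the device behind its interface (WANGW -> igb0).
    gw_dev = {}
    for gw in root.iterfind("gateways/gateway_item"):
        ifname = gw.findtext("interface", "")
        dev = root.findtext(f"interfaces/{ifname}/if", "") if ifname else ""
        gw_dev[gw.findtext("name", "")] = dev
    # Static routes whose gateway is not on a VTI (ipsec*) device need a manual look.
    for route in root.iterfind("staticroutes/route"):
        gw = route.findtext("gateway", "")
        if not gw_dev.get(gw, "").startswith("ipsec"):
            findings.append(("route", route.findtext("network", ""), gw))
    # P1 entries still on the automatic "My IP address" / "Peer IP address" types.
    for p1 in root.iterfind("ipsec/phase1"):
        for tag, auto in (("myid_type", "myaddress"), ("peerid_type", "peeraddress")):
            if p1.findtext(tag) == auto:
                findings.append(("phase1", p1.findtext("ikeid", ""), tag))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```

A flagged route is only a candidate for review: routes that legitimately leave via the WAN gateway will also be listed.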
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.