IPSEC tunnels after 23.01 - advice
After spending a long night troubleshooting our IPSEC tunnels (we had ICMP going thru but no voice traffic going thru after upgrading from 22.05 to 23.01), here are the key takeaways to get back online.
So it appears the 2 significant changes that needed to be made to get all tunnels back online were:
All migrated VTI tunnels needed static routes to be updated from WANGW to the VTI interface. This didn’t come thru on the migration.
Also, all the P1 tunnels with dual WAN and/or “virtual IP” appear to require the “My identifier” and “Peer identifier” to be set with “IP address” instead of the “My IP address” or “Peer IP address”.
Here’s the change that appears to fix the tunnels:
P1 Tunnel original:
P1 Tunnel working:
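
An added example, not part of the original post and not Netgate's code: a pre-upgrade audit that lists Phase 1 entries whose identifiers are still on the implicit "My IP address" / "Peer IP address" types described above. The element names (`ipsec/phase1`, `ikeid`, `descr`, `myid_type`, `peerid_type`) and the values `myaddress` / `peeraddress` are assumptions about the pfSense `config.xml` backup format, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed config.xml values behind the GUI labels
# "My IP address" and "Peer IP address" (not taken from the post).
IMPLICIT = {"myid_type": "myaddress", "peerid_type": "peeraddress"}

# Constructed sample: one P1 on implicit identifiers, one on explicit IPs.
SAMPLE_CONFIG = """<pfsense>
  <ipsec>
    <phase1>
      <ikeid>1</ikeid>
      <descr>HQ to branch (constructed)</descr>
      <myid_type>myaddress</myid_type>
      <myid_data></myid_data>
      <peerid_type>peeraddress</peerid_type>
      <peerid_data></peerid_data>
    </phase1>
    <phase1>
      <ikeid>2</ikeid>
      <descr>HQ to DR site (constructed)</descr>
      <myid_type>address</myid_type>
      <myid_data>198.51.100.10</myid_data>
      <peerid_type>address</peerid_type>
      <peerid_data>203.0.113.20</peerid_data>
    </phase1>
  </ipsec>
</pfsense>"""


def implicit_identifier_findings(config_xml):
    """Return (ikeid, descr, field) for each P1 identifier left on an implicit type."""
    root = ET.fromstring(config_xml)
    findings = []
    for p1 in root.findall("./ipsec/phase1"):
        ikeid = p1.findtext("ikeid", default="?")
        descr = p1.findtext("descr", default="")
        for field, implicit_value in IMPLICIT.items():
            # A missing element is treated as "not implicit" rather than guessed at.
            if (p1.findtext(field) or "").strip() == implicit_value:
                findings.append((ikeid, descr, field))
    return findings


if __name__ == "__main__":
    for ikeid, descr, field in implicit_identifier_findings(SAMPLE_CONFIG):
        print(f"P1 ikeid={ikeid} ({descr}): {field} is implicit; set an explicit IP address")
```

To audit a real backup, pass the contents of the exported configuration file to `implicit_identifier_findings` instead of `SAMPLE_CONFIG`.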