Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPsec HEADS UP for 2.2.1 users

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cmb
      last edited by

      When we removed the code for the "Prefer old SAs" option, which set the value to -30, I noticed it was no longer getting set to -30 but neglected to notice it was being set to 1, which is an alternate value for enabled. No one else noticed either unfortunately.

      This is the cause of rekeying issues some of you have after upgrading to 2.2.1. 2.2.2 will be coming soon to fix this, but you can easily fix it in the mean time.

      Go to System>Advanced, System Tunables tab, and add a new value there.

      Name: net.key.preferred_oldsa
      Value: 0

      Then save and apply changes. That immediately takes effect. That can stay there indefinitely, it won't impact anything post-upgrade with the proper fix.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.