Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPsec HEADS UP for 2.2.1 users

    IPsec
    1
    1
    2136
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cmb last edited by

      When we removed the code for the "Prefer old SAs" option, which set the value to -30, I noticed it was no longer getting set to -30 but neglected to notice it was being set to 1, which is an alternate value for enabled. No one else noticed either unfortunately.

      This is the cause of rekeying issues some of you have after upgrading to 2.2.1. 2.2.2 will be coming soon to fix this, but you can easily fix it in the mean time.

      Go to System>Advanced, System Tunables tab, and add a new value there.

      Name: net.key.preferred_oldsa
      Value: 0

      Then save and apply changes. That immediately takes effect. That can stay there indefinitely, it won't impact anything post-upgrade with the proper fix.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post