4. IPSec/L2TP on 2.2.3 broken?

IPSec/L2TP on 2.2.3 broken?

  • A

    I'm running a few pfsense as vpn/fw using 2.2.2 version. After upgrading for this morning to 2.2.3 my IPSec/L2TP my vpn is broken. Does anyone experiencing the same?  There is no information on l2tp starting on the logs. Something is different.

    Some logs:

    Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
    Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
    Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
    Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
    Jun 25 15:07:35 charon: 02[ENC] <con1|3>parsed INFORMATIONAL_V1 request 285074821 [ HASH D ]
    Jun 25 15:07:35 charon: 02[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
    Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
    Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
    Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
    Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
    Jun 25 15:07:35 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 1492790087 [ HASH D ]
    Jun 25 15:07:35 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (76 bytes)
    Jun 25 15:07:25 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 3460051619 [ HASH N(DPD_ACK) ]
    Jun 25 15:07:25 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
    Jun 25 15:07:25 charon: 11[NET] <con1|3>sending packet: from 162.XXX.XXX.184[500] to 191.XXX.XXX.97[500] (92 bytes)
    Jun 25 15:07:25 charon: 11[ENC] <con1|3>generating INFORMATIONAL_V1 request 1605134724 [ HASH N(DPD) ]
    Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
    Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
    Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
    Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]</con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3>

    0
  • D

    Hi!

    SNAP!

    I just posted a few seconds after you - I'm having the same issue!

    -=david=-

    0
  • P

    Same issue

    0
  • D

    https://redmine.pfsense.org/issues/4791

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy