IPSec/L2TP on 2.2.3 broken?
-
I'm running a few pfsense as vpn/fw using 2.2.2 version. After upgrading for this morning to 2.2.3 my IPSec/L2TP my vpn is broken. Does anyone experiencing the same? There is no information on l2tp starting on the logs. Something is different.
Some logs:
Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
Jun 25 15:07:35 charon: 02[ENC] <con1|3>parsed INFORMATIONAL_V1 request 285074821 [ HASH D ]
Jun 25 15:07:35 charon: 02[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
Jun 25 15:07:35 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 1492790087 [ HASH D ]
Jun 25 15:07:35 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (76 bytes)
Jun 25 15:07:25 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 3460051619 [ HASH N(DPD_ACK) ]
Jun 25 15:07:25 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
Jun 25 15:07:25 charon: 11[NET] <con1|3>sending packet: from 162.XXX.XXX.184[500] to 191.XXX.XXX.97[500] (92 bytes)
Jun 25 15:07:25 charon: 11[ENC] <con1|3>generating INFORMATIONAL_V1 request 1605134724 [ HASH N(DPD) ]
Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]</con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3> -
Hi!
SNAP!
I just posted a few seconds after you - I'm having the same issue!
-=david=-
-
Same issue
-
https://redmine.pfsense.org/issues/4791