2.2.2 -> 2.2.3 Upgrade: KeyID Tag Broken?!
Since upgrading to 2.2.3 from 2.2.2 with a working configuration, my dynamic IPsec endpoints no longer work. Having tried multiple configurations, including switching from FQDN to an IP address, I found changing KeyID Tag from myID to user distinguished myID@unknown on both sides allows everything to work.
So it appears something broke with the handling of KeyID Tags? Can someone else verify this?
Does seem to be a problem there, looking into it. That's one that wasn't in our list of test cases, will fix that too.
It should be fixed on master trunk with the following commit:
The following pull request https://github.com/pfsense/pfsense/pull/1649/commits has a lot of good things for IPsec along with the keyID fix, which I have tried to get cherry-picked for 2.2.3. Currently the fix is set for release 2.3, so maybe this will help getting it sooner :)
This was fixed in 2.2.4 last week.