Netgate Discussion Forum

    2.2.2 -> 2.2.3 Upgrade: KeyID Tag Broken?!

    IPsec
    • Sn3ak

      Since upgrading to 2.2.3 from 2.2.2 with a working configuration, my dynamic IPsec endpoints no longer work. Having tried multiple configurations, including switching from FQDN to an IP address, I found that changing KeyID Tag from myID to user distinguished myID@unknown on both sides allows everything to work.

      So it appears something broke with the handling of KeyID Tags? Can someone else verify this?

      • cmb

        Does seem to be a problem there, looking into it. That's one that wasn't in our list of test cases, will fix that too.

        • laped

          It should be fixed on master trunk with the following commit:

          https://github.com/pfsense/pfsense/commit/10439116597e3c2d590191c9be182155b27aa98b

          The following pull request https://github.com/pfsense/pfsense/pull/1649/commits has a lot of good things for IPsec, along with the keyID fix, which I have tried to get cherry-picked for 2.2.3. Currently the fix is set for release 2.3, so maybe this will help get it sooner :)

          • cmb

            This was fixed in 2.2.4 last week.
