2.2.2 -> 2.2.3 Upgrade: KeyID Tag Broken?!

Sn3ak

Since upgrading to 2.2.3 from 2.2.2 with a working configuration, my dynamic ipsec endpoints no longer work. having tried multiple configurations including switching from FQDN to an IP address i found changing KeyID Tag from myID to user distinguished myID@unknown on both sides allows everything to work.

So it appears something broke with the handling of KeyID Tags? Can someone else verify this?

cmb

Does seem to be a problem there, looking into it. That's one that wasn't in our list of test cases, will fix that too.

laped

It should be fixed on master trunk with following commit:

https://github.com/pfsense/pfsense/commit/10439116597e3c2d590191c9be182155b27aa98b

The following pull request https://github.com/pfsense/pfsense/pull/1649/commits got a lot of good things for the IPsec along with the keyID fix which i have tried to get cherry picked for the 2.2.3. Currently the fix is set for release 2.3 so maybe this will help getting it sooner :)

cmb

This was fixed in 2.2.4 last week.

2.2.2 -> 2.2.3 Upgrade: KeyID Tag Broken?!

Products

Applications

Support

Services

News

Resources

Company

Our Mission

Subscribe to our Newsletter