Removal of key exchange setting "auto"



  • The removal of "auto" in 2.2.4 appears to have completely broken my mobile IPSEC configuration for iPhones and Macs. I was previously able to have both IKEv1 and IKEv2 clients connect via the auto setting.

    In the UI, after installation the key exchange option changes to V2 which of course prevents IKEv1 clients from connecting. Further, changing the setting to V1 is also not functional, even for units attempting to connect via IKEv1.

    I will do more diagnosis tomorrow, but with having to explicitly restrict the connection to either V1 or V2, I can't really how a mix could be possible.



  • Unfortunately, there appears to be no way to support a mix of v1 and v2 mobile clients in 2.2.4.

    https://redmine.pfsense.org/issues/4873

    I've had to downgrade to 2.2.3.