Bug #4818

closed

IPSec makes worse in some cases - since 2.2.3 Update

Added by Marvin Kamm over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 07/06/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2.3
Affected Architecture: amd64

Description

Since updating pfSense from V2.1.5 to V2.2.3, I've some issues with the IPsec VPN.
I've configured about 20 IPsec VPN connections to customers.

Four of them use Lancom routers for IPsec connections.
Exactly those four are not operational after updating.

Connection parameters haven't changed.
I tried to connect with 3DES encryption instead of AES, but that won't work either.
The error I often see is "invalid ID_V1 payload length, decryption failed?".

Annexed an extract from the pfSense log.
I set IKE SA, IKE Child SA and Configuration backend in Diag mode at the IPsec Debug page.

Many Thanks!


Files

IPsec_log.csv (25.8 KB), Marvin Kamm, 07/06/2015 10:19 AM
IPsec_log1.csv (18.4 KB), Marvin Kamm, 07/07/2015 09:38 AM
Actions #1

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Feedback

This likely overlaps with the changes made as part of fixing #4811, which some have confirmed fixed things for them that regressed from 2.2.2 to 2.2.3. Please try the latest 2.2.4 snapshot from https://snapshots.pfsense.org and report back.

Actions #2

Updated by Marvin Kamm over 8 years ago

Thanks for your quick response Chris!
I tried the last "nightly build" -> pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64-20150706-2039.tgz.
Unfortunately my problem is not solved.
Still the same behavior: VPNs to Lancom routers are not available, all others are OK.
Do you need further configs or logs?

Actions #3

Updated by Jim Thompson over 8 years ago

  • Assignee set to Chris Buechler
Actions #4

Updated by Marvin Kamm over 8 years ago

Since upgrading to pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64-20150712-1215
I'm able to use all VPN tunnels again! Even to Lancom routers!

Thanks a lot!
#4818 can be closed!

Actions #5

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

fixed
