Actions
Regression #11526
closed
Mobile IPsec broken when using strict certificate revocation list checking
Start date:
02/24/2021
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
All
Description
Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error:
"loading connection 'con-mobile' failed: unknown option: strictcrlpolicy, config discarded"
Updated by Jim Pingle about 3 years ago
- Tracker changed from Bug to Regression
- Project changed from pfSense Plus to pfSense
- Category changed from IPsec to IPsec
- Assignee set to Jim Pingle
This isn't specific to plus, and is a regression from 2.4.5.
Looks like the parameter format changed and the config needs to be updated to follow:
| pfSense | Old | New |
|---|---|---|
| Off | strictcrlpolicy=no (default) | connections.<conn>.remote<suffix>.revocation=relaxed (default) |
| On | strictcrlpolicy=yes | connections.<conn>.remote<suffix>.revocation=strict |
Updated by Jim Pingle about 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 9a5bde87ce9fd0fad3a7f41750782b2dccce38d8.
Updated by
Updated by Jim Pingle about 3 years ago
- Subject changed from Enabling Strict Certificate Revocation List Checking Breaks IPSec Mobile Connectivity to Mobile IPsec broken when using strict certificate revocation list checking
Updating subject for release notes.
Updated by Kris Phillips about 3 years ago
Applied this on a customer firewall and the issue went away for IPSec. Seems to be working, but should be further verified.
Actions