Regression #11526
closed
Mobile IPsec broken when using strict certificate revocation list checking
Added by Kris Phillips almost 4 years ago.
Updated over 3 years ago.
Affected Architecture:
All
Description
Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error:
"loading connection 'con-mobile' failed: unknown option: strictcrlpolicy, config discarded"
- Tracker changed from Bug to Regression
- Project changed from pfSense Plus to pfSense
- Category changed from IPsec to IPsec
- Assignee set to Jim Pingle
This isn't specific to plus, and is a regression from 2.4.5.
Looks like the parameter format changed and the config needs to be updated to follow:
| pfSense | Old | New |
|---|---|---|
| Off | strictcrlpolicy=no (default) | connections.<conn>.remote<suffix>.revocation=relaxed (default) |
| On | strictcrlpolicy=yes | connections.<conn>.remote<suffix>.revocation=strict |
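The "On" row of the mapping above, written as a swanctl.conf fragment. This is an added example, not taken from the issue or from the configuration pfSense generates; the connection name con-mobile comes from the error message, and the `auth = pubkey` line is an assumption for illustration.

```conf
# Old ipsec.conf-style keyword. swanctl does not know it and discards the
# connection ("unknown option: strictcrlpolicy, config discarded"):
#   strictcrlpolicy = yes

connections {
    con-mobile {
        remote {
            # Assumed authentication method, for illustration only.
            auth = pubkey

            # New per-connection equivalent of strictcrlpolicy=yes:
            # reject the peer certificate unless revocation information
            # is available and shows it is not revoked.
            revocation = strict

            # Equivalent of strictcrlpolicy=no (the default): reject only
            # a certificate that is known to be revoked.
            # revocation = relaxed
        }
    }
}
```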
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Target version set to 2.5.1
- Subject changed from Enabling Strict Certificate Revocation List Checking Breaks IPSec Mobile Connectivity to Mobile IPsec broken when using strict certificate revocation list checking
Updating subject for release notes.
Applied this on a customer firewall and the issue went away for IPSec. Seems to be working, but should be further verified.
- Status changed from Feedback to Closed