Bug #12053
PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
Status: Closed
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 06/17/2021
Due date:
% Done: 0%
Estimated time:
Release Notes: Default
Affected Plus Version:
Affected Architecture: All
Description
When creating new P1s, regardless of what the hash algorithm is set to, the variable in config.xml is always set to <prf-algorithm>sha256</prf-algorithm>. This also seems to make its way into swanctl.conf in certain situations as well. A customer upgrading from 2.4.5p1 had 3DES set for this variable for a P1 tunnel on one endpoint, but did not have the "PRF Selection" checkbox selected in the P1 Advanced Config. The variable for <prf-algorithm> was loaded into swanctl and was causing issues with another pfSense endpoint until the PRF algorithm was manually set to match the other endpoint.
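An audit for the condition described in this report, added here as an example and not code from the ticket or from pfSense: it lists P1 proposals in a config.xml that carry a stored <prf-algorithm> although PRF selection is not enabled. The sample XML is constructed, and the layout, <hash-algorithm> and the checkbox element name prf_select_enable are assumptions; only <prf-algorithm> appears in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real firewall. Element names other than
# <prf-algorithm> (layout, <hash-algorithm>, <prf_select_enable>) are assumptions.
SAMPLE_CONFIG = """<pfsense><ipsec>
  <phase1>
    <ikeid>1</ikeid><descr>site-a</descr>
    <encryption><item>
      <hash-algorithm>sha512</hash-algorithm>
      <prf-algorithm>sha256</prf-algorithm>
    </item></encryption>
  </phase1>
  <phase1>
    <ikeid>2</ikeid><descr>site-b</descr>
    <prf_select_enable>yes</prf_select_enable>
    <encryption><item>
      <hash-algorithm>sha256</hash-algorithm>
      <prf-algorithm>sha256</prf-algorithm>
    </item></encryption>
  </phase1>
</ipsec></pfsense>"""

def audit_prf(config_xml, select_tag="prf_select_enable"):
    """Return findings for P1 proposals that store a PRF the GUI did not select."""
    findings = []
    root = ET.fromstring(config_xml)
    for p1 in root.iter("phase1"):
        # Assumption: the checkbox is stored as an element that is present when ticked.
        selected = p1.find(select_tag) is not None
        for item in p1.iter("item"):
            prf = (item.findtext("prf-algorithm") or "").strip()
            if not prf or selected:
                continue  # nothing stored, or the operator chose the PRF on purpose
            hash_alg = (item.findtext("hash-algorithm") or "").strip()
            findings.append({
                "ikeid": (p1.findtext("ikeid") or "").strip(),
                "descr": (p1.findtext("descr") or "").strip(),
                "prf": prf,
                "hash": hash_alg,
                "differs_from_hash": prf != hash_alg,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_prf(SAMPLE_CONFIG):
        print(finding)
```

Entries it reports are the ones to compare against the remote endpoint's proposal before and after an upgrade.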