Bug #4565: Previously working IPsec broken by upgrading to 2.2.1
Status: closed
Description
I previously had a site-to-site VPN up and working between two sites when one endpoint was 2.2 and the other was 2.1.1.
The first was upgraded to 2.2.1 over the weekend; the second was as well, but we had to revert this morning when we realized that forwarding between VLANs was mostly not working (some rules would work, some wouldn't, lots of strange failures).
Now I'm seeing the following when trying to establish the IPsec link. From the logs on the 2.2.1 site:
Mar 30 12:59:13 pfsense charon: 05[CFG] received proposals: ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Mar 30 12:59:13 pfsense charon: 05[CFG] configured proposals: ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Mar 30 12:59:13 pfsense charon: 05[IKE] <con4000|3> no matching proposal found, sending NO_PROPOSAL_CHOSEN
Mar 30 12:59:13 pfsense charon: 05[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
Mar 30 12:59:13 pfsense charon: 05[ENC] generating INFORMATIONAL_V1 request 2017941413 [ HASH N(NO_PROP) ]
The two IPsec proposals are configured identically but it seems as though charon is expecting something that racoon isn't providing.
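As an added example, not part of the report or of pfSense/strongSwan code: a small script that pulls the "received proposals" and "configured proposals" lines out of charon's log, diffs them per protocol, and flags the case where the only difference is a Diffie-Hellman group (a DH group in an ESP proposal means that side requires PFS for the child SA). The sample lines are copied from the report above; the function names and the DH-group prefix list are my own assumptions.

```python
import re

# Constructed sample input: the three relevant charon lines quoted in the report.
SAMPLE_LOG = """\
Mar 30 12:59:13 pfsense charon: 05[CFG] received proposals: ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Mar 30 12:59:13 pfsense charon: 05[CFG] configured proposals: ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Mar 30 12:59:13 pfsense charon: 05[IKE] <con4000|3> no matching proposal found, sending NO_PROPOSAL_CHOSEN
"""

PROPOSAL_RE = re.compile(r"\[CFG\] (received|configured) proposals: (.+?)\s*$")
# Prefixes of Diffie-Hellman group names as charon prints them (assumed list).
DH_PREFIXES = ("MODP_", "ECP_", "CURVE_")


def parse_proposals(log_text):
    """Collect the proposal strings charon logged for each side.

    charon prints several proposals on one line separated by ', ', so a line
    like 'ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/...' yields two entries.
    """
    found = {"received": [], "configured": []}
    for line in log_text.splitlines():
        m = PROPOSAL_RE.search(line)
        if m:
            found[m.group(1)].extend(p.strip() for p in m.group(2).split(","))
    return found


def split_proposal(proposal):
    """'ESP:A/B/C' -> ('ESP', {'A', 'B', 'C'})."""
    proto, _, algs = proposal.partition(":")
    return proto, set(a for a in algs.split("/") if a)


def compare_proposals(log_text):
    """Diff every configured proposal against every received one of the same protocol.

    Returns one dict per pair with the transforms the peer did not offer
    ('missing') and the ones it offered that the local side does not list
    ('extra'). A pair whose only difference is a DH group is flagged
    pfs_mismatch: one side requires PFS for the child SA and the other does not.
    """
    found = parse_proposals(log_text)
    results = []
    for cfg in found["configured"]:
        cproto, calgs = split_proposal(cfg)
        for rcv in found["received"]:
            rproto, ralgs = split_proposal(rcv)
            if cproto != rproto:
                continue
            missing = calgs - ralgs
            extra = ralgs - calgs
            diff = missing | extra
            results.append({
                "configured": cfg,
                "received": rcv,
                "missing": sorted(missing),
                "extra": sorted(extra),
                "pfs_mismatch": bool(diff) and all(a.startswith(DH_PREFIXES) for a in diff),
            })
    return results


def main():
    for r in compare_proposals(SAMPLE_LOG):
        print("configured:", r["configured"])
        print("received:  ", r["received"])
        print("peer did not offer:", r["missing"] or "-",
              "| peer offered but local side does not list:", r["extra"] or "-")
        if r["pfs_mismatch"]:
            print("-> only the DH (PFS) group differs; compare the PFS setting on both endpoints")


if __name__ == "__main__":
    main()
```

Run it against the lines above and the only reported difference is MODP_1024 on the configured side, which is the PFS group; extend SAMPLE_LOG with any other "received proposals" / "configured proposals" pair from a charon log to diff a different negotiation.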