Project

General

Profile

Bug #8961

IPSEC issues with Asynchronous Cryptography

Added by Chris Macmahon 10 months ago. Updated 8 months ago.

Status:
Duplicate
Priority:
Normal
Category:
IPsec
Target version:
Start date:
09/26/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

With the release of 2.4.4 we enabled `Asynchronous Cryptography` by default, we are seeing cases where traffic does not pass over the ipsec tunnel with this enabled.

ICMP to a known host on the tunnel works, when trying to connect by UDP or TCP to the same host, traffic is not passing.

PCAPS show the SYN on the IPSEC interface, but no correlating ESP traffic leaving the device.

We have had reports of disabling async on one side of the tunnel does not resolve the issue, both sides need to be disabled for traffic to work again.

History

#1 Updated by Steve Beaver 10 months ago

  • Target version changed from 2.4.4-GS to 2.4.4-p1

#2 Updated by Steve Beaver 9 months ago

  • Assignee set to Renato Botelho

#3 Updated by Jim Pingle 8 months ago

  • Status changed from New to Duplicate

Duplicate of #8964 (it came later, but has more detail and comments with additional info)

Also available in: Atom PDF