Search
Results (97)
- Feature #11576 (New): Add IPsec GUI option to control Child SA "start_action"
- Currently we set the child SA start option au ... it so we could include it for completeness.
- Regression #11564 (Feedback): swanctl always contains users eap/psk keys
- /var/etc/ipsec/swanctl.conf always contains users eap/psk k ... } } </pre> even if you don't have an IPsec Mobile entry or it's not set to EAP-MSChapv2/Mutual-PSK mode.
- Regression #11555 (Feedback): IPsec peer ID of "Any" is not working consistently
- When a peer identifier is set to "Any" the re ... s, but it needs more testing to identify why.
- Bug #11552 (Confirmed): IPSec VPN Web Interface - Incorrect phase 2 entry being deleted on second delete
- I had a phase1 entry with 6 phase2 entries. ... 1 so I went to delete them by going to VPN - IPSec + Show Pase 2 Entries. The P2 entries were ... ted on 2.4.5-p1 and 2.5.0, both are affected.
- Regression #11545 (New): Primary interface address is not always used when VIPs are present
- If you have IP Aliases on a WAN interface that a Site to Site IPSec tunnel is riding over and upgrade from 2.4.5 ... " and "Apply Configuration" then restart the IPsec service to bring tunnels up post-upgrade. Otherwise IPSec will never connect no matter how many times you cycle the service. Step by Step: 1. Create IPSec on WAN interface with several IP Aliases 2. Upgrade to 21.02/21.02p1 3. IPSec is broken, so you go into the WAN interface, ... h no changes, and Apply Changes. 4. Restart IPSec service Tunnels now work.
- Bug #11539 (Feedback): Mobile IPsec "split_include" value of 0.0.0.0/0 causes some clients to fail
- Currently for mobile IPsec the code sets up @subnet@ and @split_include ... of those fields are being used appropriately.
- Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
- The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may ... re> rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' u ... Name does not resolve' </pre> Somehow @ipsec_get_phase1_src($ph1ent)@ is returning an emp ... and omit the local address for the interface.
- Regression #11526 (Feedback): Enabling Strict Certificate Revocation List Checking Breaks IPSec Mobile Connectivity
- Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error: "loading co ... wn option: strictcrlpolicy, config discarded"
- Regression #11524 (New): Using SHA256 with AES-NI may fail for some clients
- Based on at least one report, it appears AES- ... s. https://forum.netgate.com/topic/161268/ipsec-tunnels-using-sha256-may-not-connect If t ... il/svn-src-head/2011-February/025040.html )
- Todo #11518 (Feedback): Move custom IPSEC NAT-T port settings to Advanced Options
- custom IPsec NAT-T port settings (#10870) are very rarely ... tter to move it to "Advanced Options" section