Results (97)

Feature #11576 (New): Add IPsec GUI option to control Child SA "start_action"
Currently we set the child SA start option au ... it so we could include it for completeness. 02/28/2021 11:56 AM
Regression #11564 (Feedback): swanctl always contains users eap/psk keys
/var/etc/ipsec/swanctl.conf always contains users eap/psk k ... } } </pre> even if you don't have an IPsec Mobile entry or it's not set to EAP-MSChapv2/Mutual-PSK mode. 02/27/2021 08:07 AM
Regression #11555 (Feedback): IPsec peer ID of "Any" is not working consistently
When a peer identifier is set to "Any" the re ... s, but it needs more testing to identify why. 02/26/2021 12:33 PM
Bug #11552 (Confirmed): IPSec VPN Web Interface - Incorrect phase 2 entry being deleted on second delete
I had a phase1 entry with 6 phase2 entries. ... 1 so I went to delete them by going to VPN - IPSec + Show Pase 2 Entries. The P2 entries were ... ted on 2.4.5-p1 and 2.5.0, both are affected. 02/26/2021 08:40 AM
Regression #11545 (New): Primary interface address is not always used when VIPs are present
If you have IP Aliases on a WAN interface that a Site to Site IPSec tunnel is riding over and upgrade from 2.4.5 ... " and "Apply Configuration" then restart the IPsec service to bring tunnels up post-upgrade. Otherwise IPSec will never connect no matter how many times you cycle the service. Step by Step: 1. Create IPSec on WAN interface with several IP Aliases 2. Upgrade to 21.02/21.02p1 3. IPSec is broken, so you go into the WAN interface, ... h no changes, and Apply Changes. 4. Restart IPSec service Tunnels now work. 02/25/2021 09:15 PM
Bug #11539 (Feedback): Mobile IPsec "split_include" value of causes some clients to fail
Currently for mobile IPsec the code sets up @subnet@ and @split_include ... of those fields are being used appropriately. 02/25/2021 02:30 PM
Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
The error in implies that an IPsec tunnel using VTI between two IPv6 peers may ... re> rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '' '2001:xxx:xxxx:xxx::1' u ... Name does not resolve' </pre> Somehow @ipsec_get_phase1_src($ph1ent)@ is returning an emp ... and omit the local address for the interface. 02/25/2021 01:31 PM
Regression #11526 (Feedback): Enabling Strict Certificate Revocation List Checking Breaks IPSec Mobile Connectivity
Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error: "loading co ... wn option: strictcrlpolicy, config discarded" 02/24/2021 12:39 PM
Regression #11524 (New): Using SHA256 with AES-NI may fail for some clients
Based on at least one report, it appears AES- ... s. If t ... il/svn-src-head/2011-February/025040.html ) 02/24/2021 08:09 AM
Todo #11518 (Feedback): Move custom IPSEC NAT-T port settings to Advanced Options
custom IPsec NAT-T port settings (#10870) are very rarely ... tter to move it to "Advanced Options" section 02/24/2021 03:20 AM