Hi all,

We are experiencing a number of issues with IPSEC tunnels rekeying. We see the following in the IPSEC log:

Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:54 4slgbmernfw01 charon: 09[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:59 4slgbmernfw01 charon: 09[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:31:04 4slgbmernfw01 charon: 15[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify

This is not always for the same connection but does happen frequently and has made release 2.2 almost unusable for us. We have to issue ipsec down con xxx and ipsec up con xxx to reset the tunnel.

I have had a brief look at the strongSwan website and they seem to be indicating an issue and have a patch. Has this/when will this patch be incorporated into pfSense (strongSwan issue819 seems to be a close match)?

We either need to get this fixed or revert back to using racoon ….

Mark Relf
Principal Consultant
4sl Group
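One way to find the tunnels showing this symptom without reading the log by hand, added here as an example (it is not part of the original post and is not pfSense or strongSwan code): the script parses charon lines in the format quoted above and reports every IKE SA that received repeated INVALID_ID_INFORMATION notifies inside a short window. The function name, the threshold, the window length, the placeholder year and the extra log lines with host `fw-example` are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "<Mon DD HH:MM:SS> <host> charon: NN[IKE] <conN|sa_id> received X error notify"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ charon: "
    r"\d+\[IKE\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> "
    r"received (?P<notify>[A-Z_]+) error notify\s*$")

# First five lines are the ones quoted in the post; the rest are constructed.
SAMPLE_LOG = """
Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:54 4slgbmernfw01 charon: 09[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:30:59 4slgbmernfw01 charon: 09[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:31:04 4slgbmernfw01 charon: 15[IKE] <con1000|1080> received INVALID_ID_INFORMATION error notify
Feb 15 17:31:10 fw-example charon: 11[IKE] <con2000|1081> received INVALID_ID_INFORMATION error notify
Feb 15 17:32:10 fw-example charon: 11[IKE] <con2000|1081> received INVALID_ID_INFORMATION error notify
Feb 15 17:32:11 fw-example charon: 10[IKE] <con1000|1080> sending DPD request
"""

def find_notify_bursts(lines, notify="INVALID_ID_INFORMATION",
                       threshold=3, window_s=30, year=2000):
    """Return {(conn, sa_id): (peak_count_in_window, first_ts, last_ts)} for
    every IKE SA with at least `threshold` matching notifies in `window_s`."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (conn, sa_id) -> timestamps still in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["notify"] != notify:
            continue
        # Syslog lines carry no year, so a placeholder year is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["conn"], int(m["sa"]))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop notifies older than the window
            q.popleft()
        if len(q) >= threshold:
            peak, first, _ = flagged.get(key, (0, q[0], ts))
            flagged[key] = (max(peak, len(q)), first, ts)
    return flagged

if __name__ == "__main__":
    for (conn, sa), (peak, first, last) in find_notify_bursts(
            SAMPLE_LOG.splitlines()).items():
        print(f"{conn} (IKE SA {sa}): {peak} notifies, {first:%H:%M:%S}-{last:%H:%M:%S}")
```

Isolated notifies, such as the two constructed `con2000` lines a minute apart, stay below the threshold and are not reported.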