Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
On Thu, Jun 25, 2009 at 6:27 AM, Ho Sy Tan hosy...@gmail.com wrote:
> I run pfSense-1.2.3-RC1 (FreeBSD 7.1), IPSec with IKE P2 AES 256, it works fine.

That's with the older ipsec-tools version. The latest one wants different syntax.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
On Tue, May 26, 2009 at 5:42 AM, Benjamin Fromme benjamin.fro...@login-online.de wrote:
> Hi List,
> we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we have configured AES256 as the only encryption algorithm and everything works fine. Now we upgraded one of the boxes to pfsense 1.2.3RC1 and all tunnels on this box are broken. The 1.2.2 boxes show the tunnel as working, on the 1.2.3RC1 box we see the following in the logs:

The newer ipsec-tools doesn't like the syntax that used to work, I committed a fix a couple days ago for this. Any snapshots with today's date or newer should work.

Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
I run pfSense-1.2.3-RC1 (FreeBSD 7.1), IPSec with IKE P2 AES 256, it works fine.

On Thu, Jun 25, 2009 at 2:13 PM, Chris Buechler c...@pfsense.org wrote:
> On Tue, May 26, 2009 at 5:42 AM, Benjamin Fromme benjamin.fro...@login-online.de wrote:
> > Hi List,
> > we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we have configured AES256 as the only encryption algorithm and everything works fine. Now we upgraded one of the boxes to pfsense 1.2.3RC1 and all tunnels on this box are broken. The 1.2.2 boxes show the tunnel as working, on the 1.2.3RC1 box we see the following in the logs:
>
> The newer ipsec-tools doesn't like the syntax that used to work, I committed a fix a couple days ago for this. Any snapshots with today's date or newer should work.

--
My contact:
Fullname: Ho Sy Tan
Nickname: Ta Nho Sy
Org: FireGate Group - 3CDotCom
Address: No 6 - Lang Ha - Ba Dinh - Ha Noi
Tel: (84).04.62665656
Fax: (84).04.62665657
Mobile: (84). 0902231360
Email: tanh...@firegate.vn
Gmail: tanh...@gmail.com
Yahoo Mail: tanh...@yahoo.com
Hotmail: tanh...@hotmail.com
Website: www.firegate.vn

Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
Benjamin Fromme wrote:
> Hi List,
> we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we have configured AES256 as the only encryption algorithm and everything works fine. Now we upgraded one of the boxes to pfsense 1.2.3RC1 and all tunnels on this box are broken. The 1.2.2 boxes show the tunnel as working, on the 1.2.3RC1 box we see the following in the logs:
> [snip]
> When we configure the tunnels with 3DES instead of AES everything works fine again?! Any ideas? Thanks!

Can you try a more recent 1.2.3-RC snapshot based on FreeBSD 7.2? ipsec-tools was upgraded to a version from their CVS tree, 0.8-something. It's been working great for me, it fixed a lot of DPD/Peer Loss issues, and seems to work fine. I haven't tried it with AES yet, but it may help in your situation.

Jim

[pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
Hi List,

we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we have configured AES256 as the only encryption algorithm and everything works fine. Now we upgraded one of the boxes to pfsense 1.2.3RC1 and all tunnels on this box are broken. The 1.2.2 boxes show the tunnel as working, on the 1.2.3RC1 box we see the following in the logs:

* May 26 11:08:59 racoon: ERROR: pfkey ADD failed: Invalid argument
* May 26 11:08:59 racoon: ERROR: pfkey UPDATE failed: Invalid argument
* May 26 11:08:58 racoon: [Amm Konradsreuth]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]=5.6.7.8[500]
* May 26 11:08:56 racoon: [peer]: ERROR: 5.6.7.8 give up to get IPsec-SA due to time up to wait.
* May 26 11:08:26 racoon: ERROR: pfkey ADD failed: Invalid argument
* May 26 11:08:26 racoon: ERROR: pfkey UPDATE failed: Invalid argument
* May 26 11:08:26 racoon: [peer]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]=5.6.7.8[500]
* May 26 11:08:26 racoon: [peer]: INFO: ISAKMP-SA established 1.2.3.4[500]-5.6.7.8[500] spi:da3ff6430e99e903:aecc711801f21c92

When we configure the tunnels with 3DES instead of AES everything works fine again?! Any ideas? Thanks!

--
Benjamin Fromme
benjamin.fro...@login-online.de
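
The log excerpt in the original post shows phase 1 completing and every phase 2 attempt ending in `pfkey ADD/UPDATE failed`, which is racoon failing to load the negotiated SA into the kernel over PF_KEY rather than the peer refusing the proposal. The following Python triage script is an added example, not code from the thread or from pfSense; the function names `parse` and `triage` and the verdict labels are hypothetical, and the sample input is the log as posted (newest line first).

```python
import re

# Racoon lines copied from the post above, newest first as the log view lists them.
SAMPLE = """\
May 26 11:08:59 racoon: ERROR: pfkey ADD failed: Invalid argument
May 26 11:08:59 racoon: ERROR: pfkey UPDATE failed: Invalid argument
May 26 11:08:58 racoon: [Amm Konradsreuth]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]=5.6.7.8[500]
May 26 11:08:56 racoon: [peer]: ERROR: 5.6.7.8 give up to get IPsec-SA due to time up to wait.
May 26 11:08:26 racoon: ERROR: pfkey ADD failed: Invalid argument
May 26 11:08:26 racoon: ERROR: pfkey UPDATE failed: Invalid argument
May 26 11:08:26 racoon: [peer]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]=5.6.7.8[500]
May 26 11:08:26 racoon: [peer]: INFO: ISAKMP-SA established 1.2.3.4[500]-5.6.7.8[500] spi:da3ff6430e99e903:aecc711801f21c92
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) racoon: (?:\[(?P<tag>[^\]]+)\]: )?"
                  r"(?P<level>INFO|ERROR): (?P<msg>.*)$")
PFKEY = re.compile(r"pfkey (\w+) failed: (.*)")

def parse(text, newest_first=True):
    """Return racoon events in chronological order (hypothetical helper)."""
    events = [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]
    return events[::-1] if newest_first else events

def triage(events):
    """Attach later errors to the phase 2 attempt they follow and classify it."""
    attempts, phase1_up, cur = [], False, None
    for ev in events:
        msg = ev["msg"]
        if msg.startswith("ISAKMP-SA established"):
            phase1_up = True
        elif msg.startswith("initiate new phase 2 negotiation"):
            cur = {"ts": ev["ts"], "tunnel": ev["tag"], "phase1_up": phase1_up,
                   "pfkey": [], "timed_out": False}
            attempts.append(cur)
        elif cur and (m := PFKEY.match(msg)):
            cur["pfkey"].append((m.group(1), m.group(2)))  # (operation, errno text)
        elif cur and "give up to get IPsec-SA" in msg:
            cur["timed_out"] = True
    for a in attempts:
        if a["pfkey"]:
            a["verdict"] = "sa_install_rejected"   # SA could not be loaded via PF_KEY
        elif a["timed_out"]:
            a["verdict"] = "negotiation_timeout"   # phase 2 never completed
        else:
            a["verdict"] = "no_error_seen"
    return attempts

if __name__ == "__main__":
    for a in triage(parse(SAMPLE)):
        print(a["ts"], a["tunnel"], a["verdict"], [op for op, _ in a["pfkey"]])
```

A `sa_install_rejected` verdict with `phase1_up` set points at the local racoon/kernel side of the upgraded box, which matches the thread's conclusion that the generated ipsec-tools configuration was at fault.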