Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
On Thu, Jun 25, 2009 at 6:27 AM, Ho Sy Tan wrote: > I run pfSense-1.2.3-RC1 (FreeBSD 7.1), IPSec with IKE P2 AES 256, it work > fine. > That's with the older ipsec-tools version. The latest one wants different syntax. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
I run pfSense-1.2.3-RC1 (FreeBSD 7.1), IPSec with IKE P2 AES 256, it work fine. On Thu, Jun 25, 2009 at 2:13 PM, Chris Buechler wrote: > On Tue, May 26, 2009 at 5:42 AM, Benjamin > Fromme wrote: > > Hi List, > > > > we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we > > have configured AES256 as the only encryption algorithm and everything > works fine. > > > > Now we upgrade one of the boxes to pfsense 1.2.3RC1 and all tunnels on > > this box are broken. The 1.2.2 boxes show the tunnel as working, on the > > 1.2.3RC1 box we see the following in the logs: > > > > The newer ipsec-tools doesn't like the syntax that used to work, I > committed a fix a couple days ago for this. Any snapshots with today's > date or newer should work. > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- My contact: Fullname: Ho Sy Tan Nicname: Ta Nho Sy Org: FireGate Group - 3CDotCom Address: No 6 - Lang Ha - Ba Dinh - Ha Noi Tel: (84).04.62665656 Fax: (84).04.62665657 Mobile: (84). 0902231360 Email: tanh...@firegate.vn Gmail: tanh...@gmail.com Yahoo Mail: tanh...@yahoo.com Hotmail: tanh...@hotmail.com Website:www.firegate.vn
Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
On Tue, May 26, 2009 at 5:42 AM, Benjamin Fromme wrote: > Hi List, > > we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we > have configured AES256 as the only encryption algorithm and everything works > fine. > > Now we upgrade one of the boxes to pfsense 1.2.3RC1 and all tunnels on > this box are broken. The 1.2.2 boxes show the tunnel as working, on the > 1.2.3RC1 box we see the following in the logs: > The newer ipsec-tools doesn't like the syntax that used to work, I committed a fix a couple days ago for this. Any snapshots with today's date or newer should work. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense 1.2.3RC1 / Problems with IPSEC and AES256
Benjamin Fromme wrote: > Hi List, > > we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we > have configured AES256 as the only encryption algorithm and everything works > fine. > > Now we upgrade one of the boxes to pfsense 1.2.3RC1 and all tunnels on > this box are broken. The 1.2.2 boxes show the tunnel as working, on the > 1.2.3RC1 box we see the following in the logs: > [snip] > When we configure the tunnels with 3DES instead of AES every works fine > again?! Any ideas? Thanks! Can you try a more recent 1.2.3-RC snapshot based on FreeBSD 7.2? ipsec-tools was upgraded to a version from their CVS tree, 0.8-something. It's been working great for me, it fixed a lot of DPD/Peer Loss issues, and seems to work fine. I haven't tried it with AES yet, but it may help in your situation. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org