Yesterday, I have upgraded my Opnsense from 21.7.8 to 22.1.1_3. The upgrade worked flawlessly (thanks to all the developers and the great community). Unfortunately, many of my mobile IPSec connections do not work anymore. I am still investigating and it looks like strongswan rejects the client certificates because of unknown trustworthy. Perhaps, anybody of the early adopters already has experiences with mobile IPSec connections after upgrading to new Opnsense 22.1.x.
Maybe, the problems have something in common with the security related misconfiguration of strongswan I addressed in the past (https://forum.opnsense.org/index.php?topic=24521.0). This all makes me think to either switch to another VPN technology (e.g. Wireguard) or to drop all automatically generated VPN profiles and add my manual ones (provided they won't get overwritten during configuration changes within Opnsense).
Does anybody have some recommendations?
Probably I got it, some client certificates (created the same time) expired some times ago. Coincidentally in almost the same period as upgrading the Opnsense ::)
Edit:
But, I would be glad if we can revive the discussion about security :)