Our IPSec configuration stopped working after upgrade to Version 21.7.1 from 20.x
It looks like the distinguished name could not be parsed anymore. According to the log, it seems seems nothing have been entered. -> two quotes but no content
Configuration for Test:
(https://forum.opnsense.org/index.php?action=dlattach;topic=28009.0;attach=21732)
Log Message:
charon[22695] 10[IKE] <con1|7> IDir 'C=AT, ST=xxx, L=xxxxx, O=xxxxxx, OU=xx, CN=xxxxxxx, E=info@xxx.com' does not match to ''
File ipsec.conf:
rightid = asn1dn:"C=AT"
I also found an old discussion that tells that asn1dn should also be in quotes.
Any helpfull hints?
See https://github.com/opnsense/changelog/blob/293f829200f2175ef3d11dfc970888956ac78193/community/21.7/21.7#L157
An "automatic" type was added later on and you can try it for compatibility. Though a mismatch could indicate a lingering issue with the previous configuration not using what you expected.
Cheers,
Franco
Thanks for the fast respond. Auto mode works.