OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: cmo on April 19, 2022, 11:52:13 AM

Title: [SOLVED] IPsec VPN ASN.1 distinguished Name not parsed?
Post by: cmo on April 19, 2022, 11:52:13 AM
Our IPsec configuration stopped working after the upgrade to version 21.7.1 from 20.x.

It looks like the distinguished name could not be parsed anymore. According to the log, it seems nothing has been entered -> two quotes but no content.

Configuration for Test:

(https://forum.opnsense.org/index.php?action=dlattach;topic=28009.0;attach=21732)

Log Message:
charon[22695]   10[IKE] <con1|7> IDir 'C=AT, ST=xxx, L=xxxxx, O=xxxxxx, OU=xx, CN=xxxxxxx, E=info@xxx.com' does not match to ''


File ipsec.conf:

rightid = asn1dn:"C=AT"



I also found an old discussion that says that asn1dn should also be in quotes.

Any helpful hints?




Title: Re: IPsec VPN ASN.1 distinguished Name not parsed?
Post by: franco on April 19, 2022, 03:02:26 PM
See https://github.com/opnsense/changelog/blob/293f829200f2175ef3d11dfc970888956ac78193/community/21.7/21.7#L157

An "automatic" type was added later on and you can try it for compatibility. Though a mismatch could indicate a lingering issue with the previous configuration not using what you expected.


Cheers,
Franco

Title: Re: IPsec VPN ASN.1 distinguished Name not parsed?
Post by: cmo on April 19, 2022, 03:27:24 PM
Thanks for the fast response. Auto mode works.