OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: GaardenZwerch on February 26, 2021, 11:38:11 am

Title: Upgrade to 21.1.2 from 21.1.1 breaks IPSec
Post by: GaardenZwerch on February 26, 2021, 11:38:11 am
Hi,
the last upgrade breaks IPSec for us. (update + reboot from 21.1.1 to 21.1.2)

This is all I see in the log. Only few udp:500 packets are transmitted.

Code: [Select]
Feb 26 10:18:43 TC-master charon[8392]: 12[KNL] creating acquire job for policy a.b.c.d/32 === x.y.z.t/32 with reqid {109}
Feb 26 10:18:43 TC-master charon[8392]: 05[IKE] <con7|73951> initiating IKE_SA con7[73951] to x.y.z.t
Feb 26 10:18:43 TC-master charon[8392]: 05[NET] <con7|73951> sending packet: from a.b.c.d[500] to x.y.z.t[500] (464 bytes)
Feb 26 10:18:43 TC-master charon[8392]: 05[NET] <con7|73951> received packet: from x.y.z.t[500] to a.b.c.d[500] (36 bytes)
Feb 26 10:19:07 TC-master charon[8392]: 06[KNL] creating acquire job for policy a.b.c.d/32 === x.y.z.t/32 with reqid {109}
Feb 26 10:19:07 TC-master charon[8392]: 11[IKE] <con7|73952> initiating IKE_SA con7[73952] to x.y.z.t
Feb 26 10:19:07 TC-master charon[8392]: 11[NET] <con7|73952> sending packet: from a.b.c.d[500] to x.y.z.t[500] (464 bytes)
Feb 26 10:19:07 TC-master charon[8392]: 11[NET] <con7|73952> received packet: from x.y.z.t[500] to a.b.c.d[500] (36 bytes)
Feb 26 10:19:31 TC-master charon[8392]: 05[KNL] creating acquire job for policy a.b.c.d/32 === x.y.z.t/32 with reqid {109}
Feb 26 10:19:31 TC-master charon[8392]: 14[IKE] <con7|73955> initiating IKE_SA con7[73955] to x.y.z.t


I did
opnsense-revert -r 21.1.1 strongswan
opnsense-update -kr 21.1
and a reboot. That didn't help.
Then, I did
opnsense-revert -r 21.1.1 strongswan
again, and now the connection comes up again.