[SOLVED] IPsec VPN ASN.1 distinguished Name not parsed?

Started by cmo, April 19, 2022, 11:52:13 AM

Our IPSec configuration stopped working after the upgrade to Version 21.7.1 from 20.x.

It looks like the distinguished name could not be parsed anymore. According to the log, it seems nothing has been entered. -> two quotes but no content

Configuration for Test:



Log Message:
charon[22695]   10[IKE] <con1|7> IDir 'C=AT, ST=xxx, L=xxxxx, O=xxxxxx, OU=xx, CN=xxxxxxx, E=info@xxx.com' does not match to ''


File ipsec.conf:

rightid = asn1dn:"C=AT"



I also found an old discussion that tells that asn1dn should also be in quotes.

Any helpful hints?





See https://github.com/opnsense/changelog/blob/293f829200f2175ef3d11dfc970888956ac78193/community/21.7/21.7#L157

An "automatic" type was added later on and you can try it for compatibility. Though a mismatch could indicate a lingering issue with the previous configuration not using what you expected.


Cheers,
Franco

Thanks for the fast response. Auto mode works.