[SOLVED] IPsec stopped working with 16.7.5

Started by Space, October 01, 2016, 11:24:28 AM

October 01, 2016, 11:24:28 AM Last Edit: October 01, 2016, 01:46:03 PM by franco
Hi,

I have been using IPsec to connect some Android devices via VPN to my intranet and this worked fine with 16.7.4. But after the update it does not work any more. In the log file I see errors like these:

Oct 1 11:14:30 charon: 13[IKE] no shared key found for '192.168.21.1'[192.168.21.1] - 'user@spacenet'[192.168.21.102]
Oct 1 11:14:30 charon: 13[IKE] <con1|33> no shared key found for '192.168.21.1'[192.168.21.1] - 'intra@spacenet'[192.168.21.102]
Oct 1 11:14:30 charon: 13[CFG] selected peer config "con1"


But in Phase 1 Proposal a PSK is configured. I have not touched the IPsec config in between. Any idea what might cause this?

Thanks and best regards,

    Jochen


Hi Jochen,

You're experiencing the same issue as https://forum.opnsense.org/index.php?topic=3740. The easiest workaround is to add the PSK from your mobile connection manually in vpn_ipsec_keys.php.

Use 0.0.0.0 as identifier.

A fix is already in our codebase and will probably be available in the next release.

Best regards,

Ad
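
Added example, not part of the original thread and not OPNsense or strongSwan code: a small Python parser for the charon "no shared key found" lines quoted in the first post, listing which identity pairs the daemon could not find a PSK for, so the same check can be rerun after the workaround or the patch. It assumes the first quoted identity is the local end and the second is the peer; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the three charon lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Oct 1 11:14:30 charon: 13[IKE] no shared key found for '192.168.21.1'[192.168.21.1] - 'user@spacenet'[192.168.21.102]
Oct 1 11:14:30 charon: 13[IKE] <con1|33> no shared key found for '192.168.21.1'[192.168.21.1] - 'intra@spacenet'[192.168.21.102]
Oct 1 11:14:30 charon: 13[CFG] selected peer config "con1"
"""

# Shape of the message: 'id'[address] - 'id'[address].
# Assumption: first pair is the local end, second pair is the peer.
# The "<conn|n>" tag is optional; it is missing on the first sample line.
NO_PSK = re.compile(
    r"charon: \d+\[IKE\] (?:<(?P<conn>[^|>]+)\|\d+> )?"
    r"no shared key found for "
    r"'(?P<local_id>[^']*)'\[(?P<local_ip>[^\]]*)\] - "
    r"'(?P<remote_id>[^']*)'\[(?P<remote_ip>[^\]]*)\]"
)

def missing_psk_pairs(log_text):
    """Map (local_id, remote_id) -> failure count, peer addresses, connection names."""
    pairs = defaultdict(lambda: {"count": 0, "remote_ips": set(), "conns": set()})
    for line in log_text.splitlines():
        m = NO_PSK.search(line)
        if m is None:
            continue  # unrelated charon output, e.g. the [CFG] line
        entry = pairs[(m["local_id"], m["remote_id"])]
        entry["count"] += 1
        entry["remote_ips"].add(m["remote_ip"])
        if m["conn"]:
            entry["conns"].add(m["conn"])
    return dict(pairs)

def peers_without_psk(log_text):
    """Sorted peer identities for which no shared key was found."""
    return sorted({remote for (_local, remote) in missing_psk_pairs(log_text)})

if __name__ == "__main__":
    for (local_id, remote_id), e in sorted(missing_psk_pairs(SAMPLE_LOG).items()):
        conns = ", ".join(sorted(e["conns"])) or "none selected yet"
        ips = ", ".join(sorted(e["remote_ips"]))
        print(f"{remote_id} -> {local_id}: {e['count']} failure(s) from {ips} (conn: {conns})")
```

An empty result from `peers_without_psk` on a fresh log after reconnecting the devices means the lookup failures have stopped.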

Hi Ad,

I had checked that thread but obviously missed the solution ... ok, it's not urgent for me so I will probably wait for the next release.

Thanks and best regards,

   Jochen

Correction: workaround is too simple to wait ... I added the key and it works.

Thanks and best regards,

   Jochen

I've queued all of this up for 16.7.6, you can apply the patch[1] by running the following command:

# opnsense-patch 23d1e0ff0ca


Cheers,
Franco

[1] https://github.com/opnsense/core/commit/23d1e0ff0ca

Hi,

I can confirm that it's working after applying the patch with the workaround removed.

Thanks and best regards,

    Jochen