IPSEC traffic stalling after 20.7.1 upgrade

Started by Andreas_, September 01, 2020, 03:52:20 PM

Thanks for the hint, I will give it a try (just changed and rebooted).

Still no problems on my end with AES-NI and SHA256.

Have you ever tried AES-GCM instead of AES?


May 06, 2021, 12:25:29 AM #63 Last Edit: May 06, 2021, 08:06:33 AM by Gilad
Hi, I have a similar problem with OPNsense 21.1.5 running on DEC850 (AMD EPYC 3201). IPsec VPN "Road Warrior" to an iOS device, with the following settings: AES-256, SHA256, DH-14 and ESP.

I can connect successfully, and the VPN tunnel works for 10-20 seconds, but then just dies. I've tried different combinations of encryption and hash, with the same results.

Is the only option currently to disable the AES-NI acceleration?


May 11, 2021, 12:02:24 PM #64 Last Edit: May 27, 2021, 12:26:45 PM by jfranken
On our OPNsense 21.1.4/DEC3850 we were experiencing several hanging ipsec ikev2 associations per day until I disabled aesni.

Four weeks ago, I changed the phase 1 and 2 algorithms from CBC (aes256-sha256-modp2048!) to GCM (aes256gcm16-sha256-modp2048!) and re-enabled aesni. Since then, not a single hitch, same with 21.1.5.

Check


grep -e " ike =" -e " esp =" /usr/local/etc/ipsec.conf
to test if you got them all.

Regards
Johannes Franken
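
As an added example (not part of the original post and not OPNsense's own tooling), the shell function below extends the grep check above: it reads an ipsec.conf and lists every connection whose ike or esp line still carries a proposal without a GCM cipher. The sample configuration and connection names are constructed; the two cipher strings are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: list ike/esp proposals that have not been moved to GCM.
# Assumption: strongSwan-style ipsec.conf with "conn <name>" sections and
# "ike = ..." / "esp = ..." lines, as matched by the grep in the post.

audit_ipsec_proposals() {
    # Reads the files given as arguments, or stdin when none are given.
    # Prints one line per finding: <conn> <ike|esp> <proposal>
    awk '
        # Remember which connection the following lines belong to.
        $1 == "conn" { conn = $2; next }
        # "ike = ..." or "esp = ..." with any spacing around "=".
        /^[ \t]*(ike|esp)[ \t]*=/ {
            key = $1; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/[ \t!]/, "", val)      # drop spaces and the strict "!" flag
            n = split(val, props, ",")   # a line may list several proposals
            for (i = 1; i <= n; i++) {
                split(props[i], parts, "-")
                # The first token is the cipher, e.g. aes256 or aes256gcm16.
                if (parts[1] !~ /gcm/)
                    printf "%s %s %s\n", conn, key, props[i]
            }
        }
    ' "$@"
}

# Constructed sample configuration (connection names are made up).
sample_conf() {
    cat <<'EOF'
conn con1
  ike = aes256gcm16-sha256-modp2048!
  esp = aes256gcm16-sha256-modp2048!
conn con2
  ike = aes256gcm16-sha256-modp2048!
  esp = aes256-sha256-modp2048!
conn con3
  ike = aes256-sha256-modp2048,aes256gcm16-sha256-modp2048!
  esp = aes256gcm16-sha256-modp2048!
EOF
}

# Demo on the sample; on a firewall, pass the real file instead:
#   audit_ipsec_proposals /usr/local/etc/ipsec.conf
sample_conf | audit_ipsec_proposals
```

No output means every ike and esp proposal in the file names a GCM cipher.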

This issue will be fixed in today's release of OPNsense 21.1.6 (about to be released in the upcoming hours).

If it does not solve your issue, then you're most likely experiencing a different issue.
In that case I'd suggest to report a new issue on GitHub.


Regards
- Frank