Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[SOLVED] IPsec VPN ASN.1 distinguished Name not parsed?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IPsec VPN ASN.1 distinguished Name not parsed? (Read 2645 times)
cmo
Newbie
Posts: 2
Karma: 0
[SOLVED] IPsec VPN ASN.1 distinguished Name not parsed?
«
on:
April 19, 2022, 11:52:13 am »
Our IPSec configuration stopped working after upgrade to Version 21.7.1 from 20.x
It looks like the distinguished name could not be parsed anymore. According to the log, it seems seems nothing have been entered. -> two quotes but no content
Configuration for Test:
Log Message:
charon[22695] 10[IKE] <con1|7> IDir 'C=AT, ST=xxx, L=xxxxx, O=xxxxxx, OU=xx, CN=xxxxxxx, E=info@xxx.com' does not match to
''
File ipsec.conf:
rightid = asn1dn:"C=AT"
I also found an old discussion that tells that asn1dn should also be in quotes.
Any helpfull hints?
«
Last Edit: April 19, 2022, 03:28:13 pm by cmo
»
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: IPsec VPN ASN.1 distinguished Name not parsed?
«
Reply #1 on:
April 19, 2022, 03:02:26 pm »
See
https://github.com/opnsense/changelog/blob/293f829200f2175ef3d11dfc970888956ac78193/community/21.7/21.7#L157
An "automatic" type was added later on and you can try it for compatibility. Though a mismatch could indicate a lingering issue with the previous configuration not using what you expected.
Cheers,
Franco
Logged
cmo
Newbie
Posts: 2
Karma: 0
Re: IPsec VPN ASN.1 distinguished Name not parsed?
«
Reply #2 on:
April 19, 2022, 03:27:24 pm »
Thanks for the fast respond. Auto mode works.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[SOLVED] IPsec VPN ASN.1 distinguished Name not parsed?