Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Possible IPsec regression on upgrade to 24.7.9_1-amd64
« previous
next »
Print
Pages: [
1
]
Author
Topic: Possible IPsec regression on upgrade to 24.7.9_1-amd64 (Read 94 times)
Chaskel
Newbie
Posts: 10
Karma: 0
Possible IPsec regression on upgrade to 24.7.9_1-amd64
«
on:
November 22, 2024, 03:09:06 am »
Hello, today I upgraded 2 sites to 24.7.9_1-amd64 (I believe I was previously on 24.7.4_1-amd64). After doing that everything seemed to be OK except that I noticed that my syslog server on the LAN was no longer getting syslogs from client devices on the other side of the IPsec connection.
Upon investigation it appears the remote site's individual client device IP addresses (for each device transmitting syslog output) were all being seen on the IPsec link with the remote sites public WAN IP instead. I was seeing denies in the firewall for the public IP on the IPsec interface and then after doing a temporary rule to allow the public IP I saw the same via tcpdump on the syslog server.
I was not able to resolve the issue, and as I needed to fix it as quickly as possible I took the opportunity to convert over to WireGuard. That said, I did want to pass this information on in case it was helpful and is reproducible by someone else.
Thank you.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Possible IPsec regression on upgrade to 24.7.9_1-amd64