[SOLVED] 25.1.3 breaks ospf over ipsec again, maybe?

[Jiffy]

It's exactly the same problem I posted quite some time ago: https://forum.opnsense.org/index.php?msg=110647

The differences between this time and the last are
- version 25.1.1. to 25.1.3
- I did do a fresh install before posting this
- and it was after dinner this time. :)

I'm Running OPNsense in a Proxmox VM.
During lunch today, I shut it down, took a snapshot, powered it up and upgraded to 21.1.6.
At that point everything worked except for the ipsec tunnel, the tunnel was up, OSPF neighbors were there and the correct routes were installed too, it just wasn't working.
I couldn't connect to anything nor could I ping anything.
I even went as far as installing an "any any" rule in both directions on my ipsec interface, no joy.
No other changes were made, I had to bring the tunnel back up so I restored the snapshot.
After the restore everything was fine again.
I can upgrade it again, but is there anything else I can check?
Is there something I can do/test/report that will help you help me?

Thank you,
Jiffy

[franco]

Cedrik will double-check, but so far no other FRR related reports on 25.1.3. Usually a good sign.


Cheers,
Franco

[Jiffy]

Ok, standing by, thank you, Franco!

[Monviech (Cedrik)]

Sorry cannot confirm. I have this exact setup for test:

https://docs.opnsense.org/manual/how-tos/dynamic_routing_ospf.html#ipsec-failover-with-vti-and-ospf

Updated all to 25.1.3 and stuff still worked.

[Jiffy]

If it matters, I'm still using "Tunnel Settings [Legacy]" as this VM has just been constantly upgraded.

I know I need to migrate to the new settings. Is there an easy way to do that?
Will this be fixed? It seems to supposed to be supported at least until 26 comes out.

Jiffy

[Monviech (Cedrik)]

Maybe its this:

https://github.com/opnsense/plugins/issues/4590

There will be a fix soon.

[Jiffy]

I guess the patch has been rolled out.
I've just upgraded and everything seems likes it's working now.
Thank you,
Jiffy