IPSec usage and security

Started by schnipp, February 25, 2022, 12:07:06 PM

Yesterday I upgraded my OPNsense from 21.7.8 to 22.1.1_3. The upgrade worked flawlessly (thanks to all the developers and the great community). Unfortunately, many of my mobile IPsec connections do not work anymore. I am still investigating, and it looks like strongSwan rejects the client certificates because of unknown trustworthiness. Perhaps some of the early adopters already have experience with mobile IPsec connections after upgrading to the new OPNsense 22.1.x.

Maybe the problems have something in common with the security-related misconfiguration of strongSwan I addressed in the past. This all makes me think about either switching to another VPN technology (e.g. WireGuard) or dropping all automatically generated VPN profiles and adding my manual ones (provided they won't get overwritten during configuration changes within OPNsense).

Does anybody have some recommendations?
OPNsense 24.7.11_2-amd64

February 25, 2022, 12:16:12 PM #1 Last Edit: February 25, 2022, 12:18:25 PM by schnipp
I probably got it: some client certificates (created at the same time) expired some time ago. Coincidentally, in almost the same period as upgrading OPNsense  ::)

Edit:
But I would be glad if we could revive the discussion about security  :)
OPNsense 24.7.11_2-amd64