  1. #1
    Master Untangler
    Join Date
    Jul 2011
    Posts
    134

    12.2 update broke IPSEC VPN Tunnel?

    Is there something in the 12.2 update that could break a VPN tunnel's settings? Could the settings I'm using be out of date due to the patch?

    I have an IPSEC tunnel that existed between Untangle and a PFSense firewall that was working great for months then my UT box updated last night and now the tunnel will not re-establish. The far end has not changed.

    I used the directions on the Wiki for Untangle to PFSense IPSEC
    https://wiki.untangle.com/index.php/...and_pfSense.3F

    I uninstalled and reinstalled the VPN module and recreated the tunnel, but no dice.

    I did have an issue this morning where the Web UI for the Untangle box would not come up due to an Apache server error, I called support and rebooting the box fixed that problem. The Web UI works now.

    I also see one odd part in the log when I start the service up. Not actually having looked at it before, I'm not sure if that "unable to load plugin features" message is important or not.

    Feb 17 13:05:38 untangle charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
    Feb 17 13:05:38 untangle charon: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity

  2. #2
    Newbie
    Join Date
    Mar 2017
    Posts
    2

    I was using IPsec to create a tunnel with an RV325 router. Since the 12.2.1 update, the IPsec tunnel does not work for me.

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    5,826

    Is the Untangle running in transparent mode? If so, the local identifier has to be set with 12.2, since this field was added to enable IKEv2 functionality.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Mar 2017
    Posts
    2

    Nope, no transparent bridge mode here.

    Here is what's happening in the log:

    Mar 1 09:42:26 uplink charon: 07[NET] sending packet: from 72.41.XXX.XXX[500] to 205.2.XXX.XXX[500] (84 bytes)
    Mar 1 09:42:26 uplink charon: 07[ENC] generating INFORMATIONAL_V1 request 3179101515 [ HASH N(AUTH_FAILED) ]
    Mar 1 09:42:26 uplink charon: 07[IKE] no peer config found
    Mar 1 09:42:26 uplink charon: 07[CFG] looking for pre-shared key peer configs matching 72.41.XXX.XXX...205.2.XXX.XXX[205.2.XXX.XXX]
    Mar 1 09:42:26 uplink charon: 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
    Mar 1 09:42:26 uplink charon: 07[NET] received packet: from 205.2.XXX.XXX[500] to 72.41.XXX.XXX[500] (68 bytes)
    Mar 1 09:42:26 uplink charon: 05[NET] sending packet: from 72.41.XXX.XXX[500] to 205.2.XXX.XXX[500] (196 bytes)
    Mar 1 09:42:26 uplink charon: 05[ENC] generating ID_PROT response 0 [ KE No ]
    Mar 1 09:42:26 uplink charon: 05[ENC] parsed ID_PROT request 0 [ KE No ]
    Mar 1 09:42:26 uplink charon: 05[NET] received packet: from 205.2.XXX.XXX[500] to 72.41.XXX.XXX[500] (180 bytes)
    Mar 1 09:42:26 uplink charon: 02[NET] sending packet: from 72.41.XXX.XXX[500] to 205.2.XXX.XXX[500] (112 bytes)
    Mar 1 09:42:26 uplink charon: 02[ENC] generating ID_PROT response 0 [ SA V V ]
    Mar 1 09:42:26 uplink charon: 02[IKE] 205.2.XXX.XXX is initiating a Main Mode IKE_SA
    Mar 1 09:42:26 uplink charon: 02[IKE] 205.2.XXX.XXX is initiating a Main Mode IKE_SA
    Mar 1 09:42:26 uplink charon: 02[IKE] received DPD vendor ID
    Mar 1 09:42:26 uplink charon: 02[ENC] parsed ID_PROT request 0 [ SA V ]
    Mar 1 09:42:26 uplink charon: 02[NET] received packet: from 205.2.XXX.XXX[500] to 72.41.XXX.XXX[500] (100 bytes)
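
One way to pull the failing lookup out of a charon log like the one in post #4, as an added example that is not part of the thread and not Untangle or strongSwan code: it pairs each `no peer config found` line with the `looking for ... peer configs matching` line logged on the same thread number, so the local address, remote address and bracketed identity can be compared with the identifiers configured on both ends. The sample lines are constructed with documentation addresses, and the function name is made up for this example.

```python
import re

# Constructed sample in the thread's log format (newest line first, as pasted
# there), using documentation addresses in place of the redacted ones.
SAMPLE_LOG = """\
Mar 1 09:42:26 uplink charon: 07[ENC] generating INFORMATIONAL_V1 request 3179101515 [ HASH N(AUTH_FAILED) ]
Mar 1 09:42:26 uplink charon: 07[IKE] no peer config found
Mar 1 09:42:26 uplink charon: 07[CFG] looking for pre-shared key peer configs matching 192.0.2.10...198.51.100.20[198.51.100.20]
Mar 1 09:42:26 uplink charon: 07[ENC] parsed ID_PROT request 0 [ ID HASH ]
Mar 1 09:42:26 uplink charon: 02[IKE] 198.51.100.20 is initiating a Main Mode IKE_SA
"""

# syslog prefix, then charon's "<thread>[<subsystem>] <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+charon:\s+"
    r"(?P<thread>\d+)\[(?P<group>[A-Z]+)\]\s+(?P<msg>.*)$"
)
# "looking for <auth> peer configs matching <local>...<remote>[<identity>]"
LOOKUP = re.compile(
    r"looking for (?P<auth>.+?) peer configs matching "
    r"(?P<local>\S+?)\.\.\.(?P<remote>[^\[\s]+)\[(?P<peer_id>[^\]]*)\]"
)


def find_unmatched_peers(log_text):
    """Return one dict per config lookup that ended in 'no peer config found'.

    Lines are correlated on (timestamp, thread number), so the result is the
    same whether the log is pasted oldest-first or newest-first.
    """
    lookups = {}   # (timestamp, thread) -> fields of the config lookup line
    failed = {}    # (timestamp, thread) -> True, insertion-ordered, deduplicated
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["ts"], m["thread"])
        lookup = LOOKUP.search(m["msg"])
        if m["group"] == "CFG" and lookup:
            lookups[key] = lookup.groupdict()
        elif m["group"] == "IKE" and "no peer config found" in m["msg"]:
            failed[key] = True
    return [dict(lookups[k], time=k[0]) for k in failed if k in lookups]


if __name__ == "__main__":
    for hit in find_unmatched_peers(SAMPLE_LOG):
        print("{time}: no {auth} config for {local}...{remote} with ID {peer_id}".format(**hit))
```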
