I have a similar problem with 1.21. I noticed this within a week of
1.21 release. I had to downgrade to 1.2 on all the systems (all
firewalls are using S2S Shared Secret VPN tunnels to a SEF firewall and
exhibited the problem).
On 4 different m0n0wall systems I saw that the tunnels came up the first
time when 1.2 was upgraded to 1.21. After some amount of time the
tunnels just stopped working.
On the non-m0n0wall (Symantec Enterprise Firewall) side of the tunnels it
just mentioned awaiting ISAKMP rekey. I tried rebooting the m0n0wall
system, etc., but the only thing that worked was backing down to 1.2 and
immediately the tunnels established again and all are still running
today (1 to 2 months so far). I repeated the problem again by upgrading
one to 1.21 again and then had to back it down a few days later when the
problem was discovered again.
Not a big deal right now for me since 1.2 works just fine and
troubleshooting remote VPN tunnels.
I wonder what changed in 1.21 from 1.2. Something must have changed.
Jason King wrote:
> I think I have found a bug in 1.21. I have been using 1.2 for a while
> now. These are the points of interest.
> I have 2 IPSec VPN connections connecting us to 4 different hosts. Both
> of these tunnels work perfectly on 1.2. The only time these connections
> go down is when there is some problem on the remote end, not with the
> Having said that, I tried upgrading a month ago to 1.21 which was
> running off of a PC. I switched the firewall that previous night and
> started it up and tested connectivity, everything appeared to be fine
> (didn't check the vpn connections). Came in the next morning and I was
> getting complaints that users couldn't get to those remote hosts through
> the IPSec VPN tunnel. So I checked the tunnels. One of the tunnels was
> up, but one was not. I called the remote host admins and asked what
> could be wrong. They told me nothing changed on their side and so since
> the only thing I changed was from 1.2 to 1.21 I decided it must be me.
> Anyway, I took down 1.21 and put the 1.2 back in place. Both VPN tunnels
> came up just fine and people continued working.
> I recently got approved for a soekris net4801 with the vpn1411 addon
> board (joy). I decided I would try the net48xx version of 1.21 and see
> if that made a difference. It was no different. This time I tested the
> VPN connections before I left and discovered that the same problem as
> before was still there. So I had to flash my CF card with 1.2 instead of
> 1.21 and bring the soekris up with 1.2. There again, both VPN tunnels
> came up fine.
> I'm not even sure where to start looking for a solution to this problem
> I'm seeing. Not really sure if it IS a problem but something has
> definitely changed between 1.2 and 1.21 that breaks my VPN tunnels.
> Just wanted to let everyone know what I found. I'm not looking for a
> solution so much as I wanted the list to know about the problem. I'm
> perfectly fine with 1.2.
> m0n0wall ROCKS!