Yes, something had to have changed in 1.21 from 1.2. Specifically in the area of the ISA keying/hashing. Who knows, I know I'm not adept enough to even know what to look for. I'm glad it isn't just me though. Thanks for the input.

Jason

Adam Gibson wrote:
> I have a similar problem with 1.21. I noticed this within a week of
> 1.21 release. I had to downgrade to 1.2 on all the systems (all
> firewalls are using S2S Shared Secret VPN tunnels to a SEF firewall
> and exhibited the problem).
>
> On 4 different m0n0wall systems I saw that the tunnels came up the
> first time when 1.2 was upgraded to 1.21. After some amount of time
> the tunnels just stopped working.
>
> On the non-m0n0wall (SymantecEnterpriseFirewall) side of the tunnels it
> just mentioned awaiting ISAKMP rekey. I tried rebooting the m0n0wall
> system, etc but the only thing that worked was backing down to 1.2 and
> immediately the tunnels established again and all are still running
> today (1 to 2 months so far). I repeated the problem again by
> upgrading one to 1.21 again and then had to back it down a few days
> later when the problem was discovered again.
>
> Not a big deal right now for me since 1.2 works just fine and
> troubleshooting remote VPN tunnels.
>
> I wonder what changed in 1.21 from 1.2. Something must have changed.
>
> Jason King wrote:
>
>> I think I have found a bug in 1.21. I have been using 1.2 for a while
>> now. These are the points of interest.
>>
>> I have 2 IPSec VPN connections connecting us to 4 different hosts.
>> Both of these tunnels work perfectly on 1.2. The only time these
>> connections go down is when there is some problem on the remote end,
>> not with the m0n0wall.
>>
>> Having said that, I tried upgrading a month ago to 1.21 which was
>> running off of a PC. I switched the firewall that previous night and
>> started it up and tested connectivity, everything appeared to be fine
>> (didn't check the vpn connections). Came in the next morning and I
>> was getting complaints that users couldn't get to those remote hosts
>> through the IPSec VPN tunnel. So I checked the tunnels. One of the
>> tunnels was up, but one was not. I called the remote host admins and
>> asked what could be wrong. They told me nothing changed on their side
>> and so since the only thing I changed was from 1.2 to 1.21 I decided
>> it must be me.
>>
>> Anyway, I took down 1.21 and put the 1.2 back in place. Both VPN
>> tunnels came up just fine and people continued working.
>>
>> I recently got approved for a soekris net4801 with the vpn1411 addon
>> board (joy). I decided I would try the net48xx version of 1.21 and
>> see if that made a difference. It was no different. This time I
>> tested the VPN connections before I left and discovered that the same
>> problem as before was still there. So I had to flash my CF card with
>> 1.2 instead of 1.21 and bring the soekris up with 1.2. There again,
>> both VPN tunnels came up fine.
>>
>> I'm not even sure where to start looking for a solution to this
>> problem I'm seeing. Not really sure if it IS a problem but something
>> has definitely changed between 1.2 and 1.21 that breaks my VPN tunnels.
>>
>> Just wanted to let everyone know what I found. I'm not looking for a
>> solution so much as I wanted the list to know about the problem. I'm
>> perfectly fine with 1.2.
>>
>> m0n0wall ROCKS!
>>
>> Jason
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch