From: Jason King [mailto:jking at informs dot com]
Sent: Thursday, March 16, 2006 21:43
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] VPN bug in 1.21
I didn't get much of a response from this earlier so I've decided to
submit it again with a different subject.
I think I have found a bug in 1.21. I have been using 1.2 for a while
now. These are the points of interest.
I have 2 IPSec VPN connections connecting us to 4 different hosts. Both
of these tunnels work perfectly on 1.2. The only time these connections
go down is when there is some problem on the remote end, not with the
Having said that, I tried upgrading a month ago to 1.21 which was
running off of a PC. I switched the firewall that previous night and
started it up and tested connectivity, everything appeared to be fine
(didn't check the vpn connections). Came in the next morning and I was
getting complaints that users couldn't get to those remote hosts through
the IPSec VPN tunnel. So I checked the tunnels. One of the tunnels was
up, but one was not. I called the remote host admins and asked what
could be wrong. They told me nothing changed on their side and so since
the only thing I changed was from 1.2 to 1.21 I decided it must be me.
Anyway, I took down 1.21 and put the 1.2 back in place. Both VPN
tunnels came up just fine and people continued working.
I recently got approved for a soekris net4801 with the vpn1411 addon
board (joy). I decided I would try the net48xx version of 1.21 and see
if that made a difference. It was no different. This time I tested the
VPN connections before I left and discovered that the same problem as
before was still there. So I had to flash my CF card with 1.2 instead of
1.21 and bring the soekris up with 1.2. There again, both VPN tunnels
came up fine.
---------- Forwarded message ----------
From: Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>
Date: Mar 16, 2006 4:22 PM
Subject: RE: [m0n0wall] VPN bug in 1.21
To: Jason King <jking at informs dot com>, m0n0wall at lists dot m0n0 dot ch
I think it is already reported and will be fixed in the 1.22 release.
IIRC it was a bug in the ipsec-tools
So... if you're currently using 1.21 and planning on setting up an IPSEC
tunnel between two offices, is this implying that we should either:
- wait until 1.22
- downgrade to 1.2
- or suffer with random tunnel collapse ;-(