On 2010-03-01, Tony Sarendal <[email protected]> wrote: > Good morning misc, > > I upgraded two devices from i386-4.6 to i386-snapshot-feb28. > After the upgrade snapshot boxes are unable to communicate with the 4.6 > devices > when going through ipsec. snapshot-snapshot works fine. > > Everything looks ok except that nothing shows up on enc0 when doing > 4.6<-->snapshot. > Deleting the SA's restores connectiviy, unencrypted of course. > Is this a known issue ?
yes, there was a bug with hmac-sha2 which was causing interop problems with correct IPsec implementations and needed fixing, unfortunately the fix breaks backwards compatibility. you'll need to switch to e.g. hmac-sha until the 4.6 box can be upgraded.
