Hi List,
we have several tunnels between some pfsense 1.2.2 boxes. For phase 2 we
have configured AES256 as the only encryption algorithm and everything works
fine.
Now we upgraded one of the boxes to pfsense 1.2.3RC1 and all tunnels on
this box are broken. The 1.2.2 boxes show the tunnel as working, on the
1.2.3RC1 box we see the following in the logs:
* May 26 11:08:59 racoon: ERROR: pfkey ADD failed: Invalid argument
* May 26 11:08:59 racoon: ERROR: pfkey UPDATE failed: Invalid argument
* May 26 11:08:58 racoon: [Amm Konradsreuth]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]<=>5.6.7.8[500]
* May 26 11:08:56 racoon: [peer]: ERROR: 5.6.7.8 give up to get IPsec-SA due to time up to wait.
* May 26 11:08:26 racoon: ERROR: pfkey ADD failed: Invalid argument
* May 26 11:08:26 racoon: ERROR: pfkey UPDATE failed: Invalid argument
* May 26 11:08:26 racoon: [peer]: INFO: initiate new phase 2 negotiation: 1.2.3.4[500]<=>5.6.7.8[500]
* May 26 11:08:26 racoon: [peer]: INFO: ISAKMP-SA established 1.2.3.4[500]-5.6.7.8[500] spi:da3ff6430e99e903:aecc711801f21c92
When we configure the tunnels with 3DES instead of AES everything works fine
again?! Any ideas? Thanks!
--
Benjamin Fromme <[email protected]>