Folgen

i just shot myself. updated an older server to 13.1 . this server had 5 to older (2.4.4) which should be updated later. but nur i run into the problem that 13.1 has no or blowfish for phase 2 and for whatever reason both phases on aes does not work. sitting already 10 hours, do not want to go back to 7.3 there. Any hint would be greatly appreciated.

@kmj AES for both phase 1 and phase 2 should be no problem, and pfsense 2.4.4 is not that old that such a setup is unsupported.

I haven't been following FreeBSD releases, but likely SHA1 has also been deprecated and you'll need to use SHA256?

@galaxis
I changed to sha256 already, phase 1 comes up Also p2 looks starting. Setkey -D -P shows all fine, no traffic passing. Both phases n aes, +md5 and sha256.

I can not imagine freebsd 13.1 s not able to create ipsec with pfsense/freebsd 11 and 12

@kmj The 13.0 release notes cite this change: cgit.freebsd.org/src/commit/?i
According to that, md5 has been dropped too.

@galaxis thx a lot. i have overseen the md5 stuff. changed to sha256 too and it works now.

Melde dich an, um an der Konversation teilzuhaben
Mastodon

Mastodon ist ein soziales Netzwerk. Es basiert auf offenen Web-Protokollen und freier, quelloffener Software. Es ist dezentral (so wie E-Mail!).