i just shot myself. updated an older server to 13.1 . this server had 5 #ipsec #vpn to older #pfsense (2.4.4) which should be updated later. but nur i run into the problem that 13.1 has no #3des or blowfish for phase 2 and for whatever reason both phases on aes does not work. sitting already 10 hours, do not want to go back to #freebsd 7.3 there. Any hint would be greatly appreciated.
@kmj AES for both phase 1 and phase 2 should be no problem, and pfsense 2.4.4 is not that old that such a setup is unsupported.
I haven't been following FreeBSD releases, but likely SHA1 has also been deprecated and you'll need to use SHA256?
I changed to sha256 already, phase 1 comes up Also p2 looks starting. Setkey -D -P shows all fine, no traffic passing. Both phases n aes, +md5 and sha256.
I can not imagine freebsd 13.1 s not able to create ipsec with pfsense/freebsd 11 and 12
@kmj The 13.0 release notes cite this change: https://cgit.freebsd.org/src/commit/?id=16aabb761c0a
According to that, md5 has been dropped too.
Mastodon ist ein soziales Netzwerk. Es basiert auf offenen Web-Protokollen und freier, quelloffener Software. Es ist dezentral (so wie E-Mail!).