IPSec manual-sa in v3
RouterOS general discussion

3 posts   •   Page 1 of 1
hadenng
just joined
 
Posts: 2
Joined: Fri Mar 27, 2009 10:15 pm

IPSec manual-sa in v3

by hadenng » Fri Mar 27, 2009 10:26 pm

Hi,

I've upgraded one of our RB192 to RouterOS v3.22, and it seems like ipsec manual-sa option is gone:
In 2.9.44
[user@MikroTik] ip ipsec>
IP security supports secure (encrypted) communications over IP networks

.. -- go up to ip
policy/ -- Security policies
installed-sa/ -- Currently installed security associations
manual-sa/ -- Templates for manual security associations


In 3.22
[user@MikroTik] /ip ipsec>
IP security supports secure (encrypted) communications over IP networks

.. -- go up to ip
export -- Print or save an export script that can be used to restore configuration
installed-sa -- Currently installed security associations
peer -- IKE peer configuration
policy -- Security policies
proposal -- phase2 IKE proposal settings
remote-peers -- Remote peers
statistics --


I'm assuming there was some reorganisation and this feature is still available, but I can't find changes documentation...
(http://www.mikrotik.com/testdocs/ros/3.0/vpn/ipsec.php still mentions manual-sa)


Here are package details in old/new RouterOS, should it be important.
[user@MikroTik] system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-rb500 2.9.44
1 system 2.9.44
2 hotspot 2.9.44
3 wireless 2.9.44
4 ntp 2.9.44
5 X rstp-bridge-test 2.9.44
6 routerboard 2.9.44
7 X wireless-legacy 2.9.44
8 webproxy-test 2.9.44
9 X routing 2.9.44
10 security 2.9.44
11 advanced-tools 2.9.44
12 dhcp 2.9.44
13 ppp 2.9.44
14 routing-test 2.9.44

[user@MikroTik] /system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-mipsle 3.22
1 system 3.22
2 X mpls 3.22
3 routerboard 3.22
4 X ipv6 3.22
5 advanced-tools 3.22
6 security 3.22
7 dhcp 3.22
8 wireless 3.22
9 hotspot 3.22
10 ppp 3.22
11 routing 3.22

User avatar
mrz
MikroTik Support
MikroTik Support
 
Posts: 4079
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: IPSec manual-sa in v3

by mrz » Mon Mar 30, 2009 9:10 am

Manual SA is removed, because it was broken and apparently nobody was using it.

hadenng
just joined
 
Posts: 2
Joined: Fri Mar 27, 2009 10:15 pm

Re: IPSec manual-sa in v3

by hadenng » Mon Mar 30, 2009 12:58 pm

I see.
Well it worked (works) fine for me (as far as functionality and interoperability with Linux setkey goes),
or do You mean there was some seriuos security issues with it?
If not, I assume I can simply downgrade back to 2.9.44.

3 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Google [Bot], xibai99 and 32 guests

It is currently Sun Nov 23, 2014 11:27 am