Community discussions

MikroTik App
 
hadenng
just joined
Topic Author
Posts: 2
Joined: Fri Mar 27, 2009 9:15 pm

IPSec manual-sa in v3

Fri Mar 27, 2009 9:26 pm

Hi,

I've upgraded one of our RB192 to RouterOS v3.22, and it seems like ipsec manual-sa option is gone:
In 2.9.44
[user@MikroTik] ip ipsec>
IP security supports secure (encrypted) communications over IP networks

.. -- go up to ip
policy/ -- Security policies
installed-sa/ -- Currently installed security associations
manual-sa/ -- Templates for manual security associations
In 3.22
[user@MikroTik] /ip ipsec>
IP security supports secure (encrypted) communications over IP networks

.. -- go up to ip
export -- Print or save an export script that can be used to restore configuration
installed-sa -- Currently installed security associations
peer -- IKE peer configuration
policy -- Security policies
proposal -- phase2 IKE proposal settings
remote-peers -- Remote peers
statistics --
I'm assuming there was some reorganisation and this feature is still available, but I can't find changes documentation...
(http://www.mikrotik.com/testdocs/ros/3.0/vpn/ipsec.php still mentions manual-sa)


Here are package details in old/new RouterOS, should it be important.
[user@MikroTik] system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-rb500 2.9.44
1 system 2.9.44
2 hotspot 2.9.44
3 wireless 2.9.44
4 ntp 2.9.44
5 X rstp-bridge-test 2.9.44
6 routerboard 2.9.44
7 X wireless-legacy 2.9.44
8 webproxy-test 2.9.44
9 X routing 2.9.44
10 security 2.9.44
11 advanced-tools 2.9.44
12 dhcp 2.9.44
13 ppp 2.9.44
14 routing-test 2.9.44
[user@MikroTik] /system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-mipsle 3.22
1 system 3.22
2 X mpls 3.22
3 routerboard 3.22
4 X ipv6 3.22
5 advanced-tools 3.22
6 security 3.22
7 dhcp 3.22
8 wireless 3.22
9 hotspot 3.22
10 ppp 3.22
11 routing 3.22
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: IPSec manual-sa in v3

Mon Mar 30, 2009 9:10 am

Manual SA is removed, because it was broken and apparently nobody was using it.
 
hadenng
just joined
Topic Author
Posts: 2
Joined: Fri Mar 27, 2009 9:15 pm

Re: IPSec manual-sa in v3

Mon Mar 30, 2009 12:58 pm

I see.
Well it worked (works) fine for me (as far as functionality and interoperability with Linux setkey goes),
or do You mean there was some seriuos security issues with it?
If not, I assume I can simply downgrade back to 2.9.44.

Who is online

Users browsing this forum: anav, dervomsee and 89 guests