VPN DOWN - After Upgrade

FOV · March 7, 2006, 11:03am

Hi Guys, I was on 2.9.5 a VPN vs Hotbrick.

After Upgrade, 2.9.13 the VPN was down.

Any changes on deamon?

my config:

[fvazquez@Nodo Pilar] ip ipsec policy> pri
Flags: X - disabled, D - dynamic, I - invalid
0 X src-address=192.168.0.0/24:any dst-address=192.168.1.0/24:any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=209.99.227.12 sa-dst-address=201.216.201.177 proposal=Hotbrick
manual-sa=none dont-fragment=clear

[fvazquez@Nodo Pilar] ip ipsec peer> pri
Flags: X - disabled
0 address=201.216.201.177/32:500 secret=“abentus” generate-policy=no exchange-mode=main send-initial-contact=yes
proposal-check=obey hash-algorithm=md5 enc-algorithm=des dh-group=modp768 lifetime=1d lifebytes=0

[fvazquez@Nodo Pilar] ip ipsec proposal> pri
Flags: X - disabled
0 name=“default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024

1 name=“Hotbrick” auth-algorithms=md5 enc-algorithms=des lifetime=3m lifebytes=0 pfs-group=modp768

Any ideas?

mag · March 7, 2006, 12:29pm

any entries in the log?
(why not update to 2.9.14?)

btw. 3 minute key-lifetime is very short.

FOV · March 8, 2006, 9:46pm

Could be, but, till now, with the RB 520 is not available

The problem was, that the VPN was working OK till the upgrade.

I didn´t find the answer

Rgs,

Fernando

FOV · March 8, 2006, 10:28pm

Sorry, I forgot message on log

Remote Unknown after finalizing Phase 1

Fernando

andrewluck · March 9, 2006, 6:40pm

[fvazquez@Nodo Pilar] ip ipsec policy> pri
Flags: X - disabled, D - dynamic, I - invalid
0 X src-address=192.168.0.0/24:any dst-address=192.168.1.0/24:any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=209.99.227.12 sa-dst-address=201.216.201.177 proposal=Hotbrick
manual-sa=none dont-fragment=clear

Why is this policy showing disabled?

Regards

Andrew

FOV · March 9, 2006, 9:33pm

Thx for your time, just in order to reduce the log.

On this moment is enabled, and the log file is telling Remote Unknown when is tryinng to establish phase I

FOV · March 18, 2006, 12:35am

Hi Guys, thenks you very mutch for your support and answer.

After upgraded to 2.9.13 misteriously, VPN start to work.

A minimal answer telling me: Man, wait to the upgrade was to be enogth.

TNX AGAIN

csickles · March 21, 2006, 5:52pm

One Pice of FYI…

I had 3 routers deployed with VPN to all three “legs”..

I had to upgrade one from 2.9.9 (I think) to 2.9.17..

VPN crashed… Once all routers upgraded to 2.9.17 VPN came back online…

(Oh what fun) but stable since..

Craig