Community discussions

MUM Europe 2020
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

VPN DOWN - After Upgrade

Tue Mar 07, 2006 1:03 pm

Hi Guys, I was on 2.9.5 a VPN vs Hotbrick.

After Upgrade, 2.9.13 the VPN was down.

Any changes on deamon?

my config:

[fvazquez@Nodo Pilar] ip ipsec policy> pri
Flags: X - disabled, D - dynamic, I - invalid
0 X src-address=192.168.0.0/24:any dst-address=192.168.1.0/24:any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=209.99.227.12 sa-dst-address=201.216.201.177 proposal=Hotbrick
manual-sa=none dont-fragment=clear

[fvazquez@Nodo Pilar] ip ipsec peer> pri
Flags: X - disabled
0 address=201.216.201.177/32:500 secret="abentus" generate-policy=no exchange-mode=main send-initial-contact=yes
proposal-check=obey hash-algorithm=md5 enc-algorithm=des dh-group=modp768 lifetime=1d lifebytes=0

[fvazquez@Nodo Pilar] ip ipsec proposal> pri
Flags: X - disabled
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024

1 name="Hotbrick" auth-algorithms=md5 enc-algorithms=des lifetime=3m lifebytes=0 pfs-group=modp768

Any ideas?
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Tue Mar 07, 2006 2:29 pm

any entries in the log?
(why not update to 2.9.14?)


btw. 3 minute key-lifetime is very short.
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Wed Mar 08, 2006 11:46 pm

Could be, but, till now, with the RB 520 is not available

The problem was, that the VPN was working OK till the upgrade.

I didn´t find the answer

Rgs,

Fernando
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Thu Mar 09, 2006 12:28 am

Sorry, I forgot message on log

Remote Unknown after finalizing Phase 1

Fernando
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Thu Mar 09, 2006 8:40 pm

[fvazquez@Nodo Pilar] ip ipsec policy> pri
Flags: X - disabled, D - dynamic, I - invalid
0 X src-address=192.168.0.0/24:any dst-address=192.168.1.0/24:any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=209.99.227.12 sa-dst-address=201.216.201.177 proposal=Hotbrick
manual-sa=none dont-fragment=clear
Why is this policy showing disabled?

Regards

Andrew
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Thu Mar 09, 2006 11:33 pm

Thx for your time, just in order to reduce the log.

On this moment is enabled, and the log file is telling Remote Unknown when is tryinng to establish phase I
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Sat Mar 18, 2006 2:35 am

Hi Guys, thenks you very mutch for your support and answer.

After upgraded to 2.9.13 misteriously, VPN start to work.

A minimal answer telling me: Man, wait to the upgrade was to be enogth.

TNX AGAIN
 
csickles
Forum Guru
Forum Guru
Posts: 1257
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ
Contact:

Tue Mar 21, 2006 7:52 pm

One Pice of FYI...

I had 3 routers deployed with VPN to all three "legs"..

I had to upgrade one from 2.9.9 (I think) to 2.9.17..

VPN crashed... Once all routers upgraded to 2.9.17 VPN came back online...

(Oh what fun) but stable since..

Craig
Things that make you go "Hmmmmmmmm"...

Craig

Who is online

Users browsing this forum: Abdock, durrsaku, eworm, McSee, ntrits, Solaris and 137 guests