We'd love to hear about it! Click here to go to the product suggestion community
I applied the V17 update to my XG 16.05.x software appliance. Everything seems to have upgraded successfully except VPN policy and PSK.
Both Phase 1 DH and 2 PFS changed from Group 14 to Group 2. After fixing this, the VPN still did not connect. I then re-applied the PSK on the XG from my notes and the IPSEC connected and is operating normally.
I don't know if this is an N=1 situation, or wider spread but thought I would post about it in case someone experiences it.
SAme Problem between XG V17 GA1 and UTM 9.505-4
No chance to get the ipsec connection up again - also tested entering PSK again.
Tried EVERY Phase 1 / 2 settings - nothing works
Can anyone please HELP
In reply to RoleMole:
please provide Screenshots of the Policy Config used on XG and SG.
In reply to ManBearPig:
same settings are working on 16-MR8!
Please change the "Schlüsselaushandlungsversuche" to 0 and try it again.
set to 0 / same Problem.
Did anybody Setup a successfully IPSEC connection to Utm 9.505-4 with SFOS 17.0.1 MR-1 ?
When we revert back to SFOS 16.05.8 MR everthing works fine.
I saw another post where it was suggested to not have special characters in the PSK, it also works if you use certificates instead of PSKs
Did 17.0.2 fix your problem ?
In reply to MRHU:
We have fixed the issue - see:
I had this IPsec tunnel between 9.505-4 with SFOS 17.0.1 MR-1. Yesterday I upgraded XG to XG v17.0.MR2 and the tunnel still works well.
in SF-OS version 17 sophos changed the main part of the vpn deamons. as a result of this it is an incompatibility between sf-os < 16.5 and 17. if you're looking in the logfiles using cli you will find some new logs like "strongswan.log". strongswan i the new part for ipsec vpn connections.