IPSec MOBIKE IKEv2 extension disabling

Hi,

Which version of XG firmware are you using?

Which IPsec profile is showing the extension?

Ian

Hi,

I'm using the latest version SFOS 20.0.1 MR-1-Build342.

This extension does not show up in any IPSec profile, but I have reason to suspect that it is enabled by default in StrongSwan, because after connecting a new 5G/LTE modem with this extension enabled, after some time my IPSec connection with about 15 devices broke down and I had a lot of these entries in the log:

"(unnamed) - Couldn't authenticate the remote gateway. Check the authentication settings on both devices. (Remote: xxx.xxx.xxx)",

where "xxx.xxx.xxx" was just the WAN address of the new 5G/LTE modem. I suspect just the MOBIKE IKEv2.

Hi,

I'm using the latest version SFOS 20.0.1 MR-1-Build342.

This extension does not show up in any IPSec profile, but I have reason to suspect that it is enabled by default in StrongSwan, because after connecting a new 5G/LTE modem with this extension enabled, after some time my IPSec connection with about 15 devices broke down and I had a lot of these entries in the log:

"(unnamed) - Couldn't authenticate the remote gateway. Check the authentication settings on both devices. (Remote: xxx.xxx.xxx)",

where "xxx.xxx.xxx" was just the WAN address of the new 5G/LTE modem. I suspect just the MOBIKE IKEv2.

Hello,

Please refer to the below KBA and it may help fix.

 Sophos Firewall: Troubleshooting site to site IPsec VPN issues 

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/Troubleshooting/S2sVPNIPsecTroubleshootCommonErrors/index.html