Hi,
I Upgraded to MR5 yesterday, all went great, suddenly this evening, tunnels start dropping up and down, and I am being "spammed" with notifications from my SFM that tunnels are terminated.
charon.log shows a lot of theese:
invalid ID_V1 payload length, decryption failed?
I have Read here:
Sophos XG Firewall: Cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA when using IKEv1
That there are issues in MR5, that will be resolved in MR6, but theese errors should read:
"invalid HASH_V1 payload length, decryption failed?"
as stated in the KB above.
I have 4 tunnels on my XG.
Are others seeing this?
A little more log:
2018-01-29 19:54:58 10[ENC] <622> invalid ID_V1 payload length, decryption fail
ed?
2018-01-29 19:54:58 10[ENC] <622> could not decrypt payloads
2018-01-29 19:54:58 10[IKE] <622> message parsing failed
2018-01-29 19:54:58 10[ENC] <622> generating INFORMATIONAL_V1 request 158523599
[ HASH N(PLD_MAL) ]
2018-01-29 19:54:58 10[NET] <622> sending packet: from x.x.x.x[500] to 5.1
03.12.171[500] (76 bytes)
2018-01-29 19:54:58 10[IKE] <622> ID_PROT request with message ID 0 processing
failed
2018-01-29 19:54:58 10[DMN] <622> [GARNER-LOGGING] (child_alert) ALERT: parsing
IKE message from x.x.x.x[500] failed
2018-01-29 19:54:58 19[JOB] <622> deleting half open IKE_SA with x.x.x.x a
fter timeout
2018-01-29 19:54:58 19[DMN] <622> [GARNER-LOGGING] (child_alert) ALERT: IKE_SA
timed out before it could be established
All tunnels are unstable during this, yesterday with MR3, it worked great for weeks!
This thread was automatically locked due to age.
