I just did an up-2-date of 5.202 to 5.203 on one of my two firewalls, both on T-1s and doing a point-to-point IPSEC Blowfish VPN. Given the readme I thought this should be essentially transparent to the users, but as it happened, as soon as the patch was applied my VPN went dead, although the internet connection remained alive.
Here's a snippet from my IPSEC log:
[ QUOTE ]
2005:05:31-04:56:43 (none) pluto[2869]: ERROR: asynchronous network error report on eth1 for message to 209.X.X.X port 500, complainant 209.Y.Y.Y: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
[/ QUOTE ]
where X is the ip address of the remote host still running 5.202, and Y is the address of the just-updated local host running 5.203.
As nearly as I can tell from the log, it looks like the tunnel was connecting and keys were being established just like normal, but the IP route for the tunnel had died and wasn't refreshed. I tried rebooting the machine, and I tried stopping and restarting IPSEC VPN several times, all to no avail.
Somehow the route came back (and the tunnel worked instantly) about an hour after running the up2date.
I need to run the up2date on my other firewall but I'm terrified to do so 'cause I don't know what actually happened or how to restore it more quickly next time. Can anyone suggest what I can/should do for the next one?
TIA,
Dan
This thread was automatically locked due to age.