Topic: Update3 WARNING

[ryan]

SME 5.1.2

Update3 will replace the encryption key on your SME server.  If you are using IPSEC VPN with freeswan (not service link) INSTALLING UPGRADE3 WILL KILL YOUR IPSEC VPN CONNECTIONS.  Simply reconfiguring your ipsec vpns in server manager on all connected servers will fix the problem.  

This cost me server hours of downtime for 2 locations.  I hope this posting will help others schedule the install of update3 knowing you will have to reconfigure all Freeswan IPSEC connections.  

Ryan

[ryan]

I should not have implied Update3 will impact all IPSEC connections.  It shut down the IPSEC connections on my WAN.  

Clarification:

Charlie Brady asked for clarification to my posting on the gereral forum:



Charlie,

I updated 2 SME servers locally and 2 servers remotely. I have 2 remote locations connected by IPSEC VPNs. I used putty for all connections from my laptop. I timed the reboots so that all would be down at approximately the same time with the central server rebooting about 30 seconds prior to the others. When they came backup, I tested the vpns with a ping. They both failed. Further inspection revealled the keys set in the IPSEC VPN settings showed different encryption keys than the actual keys show by the 'click to view' on the remote server. The 'click to view' on each upgraded server has changed. The IPSEC VPN settings showed the old key for the remote server. No other services have been affected that I am aware of.

I reconfigured IPSEC VPN on each server using the current (keys) and everything is working fine again.

I hope this clarifies my situation for you.

Ryan

[Charlie Brady]

ryan wrote:

> Charlie Brady asked for clarification to my posting on the
> gereral forum:

And as I said there, this sounds like a problem with the ipsec add-on you are using, not a problem with Update3.

Charlie