Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Update3 WARNING
« previous next »
Pages: [1]   Go Down

Update3 WARNING

  • 5 Replies
  • 416 Views

ryan

Update3 WARNING
« on: August 28, 2002, 09:29:17 PM »
SME 5.1.2

Update3 will replace the encryption key on your SME server.  If you are using IPSEC VPN with freeswan (not service link) INSTALLING UPGRADE3 WILL KILL YOUR IPSEC VPN CONNECTIONS.  Simply reconfiguring your ipsec vpns in server manager on all connected servers will fix the problem.  

This cost me server hours of downtime for 2 locations.  I hope this posting will help others schedule the install of update3 knowing you will have to reconfigure all Freeswan IPSEC connections.  

Ryan
Logged

Charlie Brady

Re: Update3 WARNING
« Reply #1 on: August 28, 2002, 11:11:26 PM »
ryan wrote:

> SME 5.1.2
>
> Update3 will replace the encryption key on your SME server.

Which encryption key would that be?

> If you are using IPSEC VPN with freeswan (not service link)
> INSTALLING UPGRADE3 WILL KILL YOUR IPSEC VPN
> CONNECTIONS.

I don't see anything in 5.1.2 Update 3 which has anything to do with ipsec. Care to elaborate?

Charlie
Logged

ryan

Re: Update3 WARNING
« Reply #2 on: August 29, 2002, 01:04:40 AM »
Charlie,

I updated 2 SME servers locally and 2 servers remotely.  I have 2 remote locations connected by IPSEC VPNs.  I used putty for all connections from my laptop.  I timed the reboots so that all would be down at approximately the same time with the central server rebooting about 30 seconds prior to the others.  When they came backup, I tested the vpns with a ping.  They both failed.  Further inspection revealled the keys set in the IPSEC VPN settings showed different encryption keys than the actual keys show by the 'click to view' on the remote server.  The 'click to view' on each upgraded server has changed.  The IPSEC VPN settings showed the old key for the remote server.  No other services have been affected that I am aware of.  

I reconfigured IPSEC VPN on each server using the current (keys) and everything is working fine again.  

I hope this clarifies my situation for you.

Ryan
Logged

ryan

Re: Update3 WARNING
« Reply #3 on: August 29, 2002, 01:15:14 AM »
I should not have implied that Update3 will harm all IPSEC connections.  It shut down IPSEC on my WAN.  

Ryan
Logged

Charlie Brady

Re: Update3 WARNING
« Reply #4 on: August 29, 2002, 01:18:50 AM »
ryan wrote:

> Further inspection revealled the
> keys set in the IPSEC VPN settings showed different
> encryption keys than the actual keys show by the 'click to
> view' on the remote server.  The 'click to view' on each
> upgraded server has changed.

That sounds like an issue with the ipsec add-on you are using. I'd suggest that you take up the issue with the author(s).

Charlie
Logged

ryan

Re: Update3 WARNING
« Reply #5 on: August 29, 2002, 01:40:14 AM »
I don't have an issue with anyone.  I posted so that others using the free Fresswan IPSEC could avoid running into the same situation.   If my inital posting was implying a problem with Upgrade3, I apologize.  My remote users lost connectivity to a database and an exchange server.  If anyone is to blame here it is me for not testing update3 before applying it.  I have never had any problems with an Update or blade in the past, so I applyed it immediately upon reading about it on this web site.

ryan
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Update3 WARNING