Last Modified: Sep 30, 2022
See more info
Known Affected Versions:
16.1.3, 188.8.131.52, 184.108.40.206, 16.1.2, 16.1.1, 16.1.0, 220.127.116.11, 15.1.5, 18.104.22.168
Opened: Sep 21, 2021
IKEv1 tunnels fail to start or re-key after an upgrade. In the racoon.log file a clear sign of this issue is the combination of an IPsec SA being established and a buffer space error immediately after: INFO: IPsec-SA established: ESP/Tunnel 172.16.1.6->172.16.12.6 spi=2956426629(0xb0377d85) ERROR: pfkey UPDATE failed: No buffer space available
IPsec tunnels will stop working after being up for an initial period of time.
-- IPsec IKEv1 tunnels
The only workaround is to switch to IKEv2.
Internal message handling related to IKEv2 high availability (HA) has changed, unintentionally breaking IKEv1's ability to keep tunnel states up-to-date. IKEv1 can now track tunnel state correctly. Note: IKEv1 high availability (HA) / mirroring is still not supported and there is no plan to support it.