Barracuda NextGen Firewall X

IPSec-tunnel disappears from configuration after editing a tunnel

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005302 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:
 When changing the configuration of an existing IPSec tunnel, the ngadmin client suddenly disconnects the session. After reconnecting, the VPN Site to Site configuration node can no longer be opened and existing IPSec tunnels disappear from the gateway's VPN Active tab.

 
Solution:

The ngadmin client does not support management of gateways that have a HIGHER version number than the ngadmin client itself. Doing so may lead to an inconsistent system configuration and can cause operational malfunctions.

Of course the ngadmin client is capable of managing gateways that have a LOWER version number than the ngadmin client itself.


To solve this problem, the configuration file responsible for the VPN tunnel configuration must be edited manually.
If you are not familiar with the vi text editor, please contact support to avoid further-reaching impact on your current configuration.

Manually configured "Advanced RAW ISAKMP Settings" are lost. If necessary, these settings need to be reconfigured for each IPSec tunnel.
All other IPSec tunnel settings are recoverable.

Step 1: Block the rangeconf-service (or boxconfig-service in case of a single box) to avoid simultaneous access to the affected configuration file.

Step 2: Open the command line, log in as root and open the responsible file for editing as described.

    On control center-boxes:
vi /opt/phion/maintree/configroot/<rangenumber>/<clustername>/clusterservers/<servername>/services/<servicename>/vpntunnel.conf

    On single-boxes:

vi /opt/phion/config/configroot/servers/<servername>/services/<servicename>/vpntunnel.conf


Locate the string RAWIPSEC, change these sections as described below so that each RAWIPSEC entry is closed by a -----END Text----- line, and save the file.


    Wrong:

PRESHARED = 0123456789012345678900

RAWIPSEC = -----BEGIN Text-----

REPLAYSIZE = 0


    Correct:

PRESHARED = 0123456789012345678900
RAWIPSEC = -----BEGIN Text-----

-----END Text-----

REPLAYSIZE = 0


Step 3: Activate the changed configuration:


On control centers:
Start the rangeconf-service and trigger a complete update ("Control" > "Configuration Updates") by right-clicking the affected box and selecting "Complete Update" in the context menu.

On single boxes:

Start the boxconfig-service, open the Site to Site configuration ("Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "Site to Site") and make a dummy change to trigger a rewrite of the internal VPN configuration files that are in use.
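
The check from Step 2, as an added example (not Barracuda code): a shell script that lists every RAWIPSEC block missing its -----END Text----- line and writes a repaired copy for review, to be run after Step 1 and before Step 3. It assumes flat "KEY = value" lines with upper-case keys as in the excerpt above; the function names and the .fixed suffix are hypothetical.

```shell
#!/bin/sh
# Added example, not Barracuda code. Assumptions: vpntunnel.conf holds flat
# "KEY = value" lines with upper-case keys (as in the excerpt above), and a
# RAWIPSEC value opened by "-----BEGIN Text-----" must be closed by
# "-----END Text-----" before the next KEY line. Raw settings that themselves
# look like an upper-case "KEY =" line would be misread, so review the diff.

# scan_rawipsec FIX FILE
#   FIX=0: print the line number of every unterminated RAWIPSEC block.
#   FIX=1: print FILE with the missing END markers inserted.
scan_rawipsec() {
    awk -v fix="$1" '
        function close_block() {
            if (fix == 1) print "-----END Text-----"; else print start
            start = 0
        }
        start && /^[ \t]*-----END Text-----[ \t]*$/        { start = 0 }
        start && /^[ \t]*[A-Z][A-Z0-9_]*[ \t]*=/           { close_block() }
        /^[ \t]*RAWIPSEC[ \t]*=[ \t]*-----BEGIN Text-----/ { start = NR }
        fix == 1                                           { print }
        END { if (start) close_block() }
    ' "$2"
}
find_unterminated() { scan_rawipsec 0 "$1"; }
repair_copy()       { scan_rawipsec 1 "$1" > "$2"; }

# Constructed sample: one intact tunnel entry followed by one damaged entry.
write_sample() {
    cat > "$1" <<'EOF'
PRESHARED = 0123456789012345678900
RAWIPSEC = -----BEGIN Text-----
-----END Text-----
REPLAYSIZE = 0
PRESHARED = 0123456789012345678900
RAWIPSEC = -----BEGIN Text-----
REPLAYSIZE = 0
EOF
}

# With a file argument: report damaged blocks and write FILE.fixed for review.
# The live file itself is never modified.
if [ "$#" -ge 1 ]; then
    find_unterminated "$1" | sed 's/^/unterminated RAWIPSEC block at line /'
    repair_copy "$1" "$1.fixed" && { diff -u "$1" "$1.fixed" || true; }
fi
```

Compare the .fixed copy against the original before replacing anything, and keep a backup of the original vpntunnel.conf.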



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKbXAAW