Network to Network IPsec IKEv2 VPN broken after upgrade to firmware 7.1.1 build 3775

I have been running 7.1.0 build 3433 since it was released. I use a Balance One Core to connect to several of my remote offices using Network to Network IPsec IKEv2 VPNs to WatchGuard 515s. It’s been working flawlessly until I upgraded to 7.1.1 build 3775. Now it’s stuck with "Initiating Connection to " status in the IPsec VPN Event Log and just spins on the Status > IPsec VPN page. My VPNs no longer work.

If I revert back to 7.1.0 build 3433 everything comes up fine. I know that WatchGuards aren’t supported devices but since I’ve had no issues prior I wondering if anyone else has seen this issue?

I’m thinking one of these fixes broke it for me. I’m hoping someone can confirm or deny they’re having similar issues.

ref 18637 - [IPsec] IPsec IKEv2 may stop connecting in rare conditions and cause high CPU load
ref 18938 - [IPsec] IPsec stops connecting after receiving “authentication failed” signal from remote peer.
ref 18660 - [IPsec] The IPsec VPN Pre-Shared Key is displayed incorrectly if underscore ‘_’ is used as part of the key. This is not affecting configuration file and just a display issue…

@henrickd

Please open a support ticket for support team to check.

We had just running a quick test for IKEv2 IPSEC connection and it working fine. The issue can be related to other thing that we need to investigate from the device.

1 Like

Ok, I will. Thank-you.

Thank you @henrickd reported the issue.

Issue identified:
Firmware version: 7.1.1 GA
IPsec connection issue when using DH group 19, 20, 21.

Affected models:
MAX: BR1-MK2, BR1-ENT, Transit, 700HW3, HD2-Mini, HD4
Balance: Balance One, Balance 210HW4, Balance 310HW4

Workaround/Solution:
No immediate fix available, but you may choose other DH groups when setting up IPsec or stay using Firmware version 7.1.0 until the fix is released.

Our Engineering team is preparing the fix and it should be ready within 1 week from today. We will post the firmware download link here when the firmware is ready.

EDIT 17/8/2018 :

Firmware Fix is ready :

BalanceOne/B210HW4/B310HW4/BR1ENT/Transit/700HW3/HD2Mini/HD4:
https://download.peplink.com/firmware/plb1/fw-b1_210hw4_310hw4_br1ent_transit_m700hw3_hd2mini_hd4-7.1.1s027-build3812.bin

BR1MK2:
https://download.peplink.com/firmware/br1ac/fw-max_br1mk2_hotspot_sohomk3-7.1.1s027-build1347.bin

3 Likes

A post was split to a new topic: Downgrade from 7.1.1 to 7.1.0 cause VLAN settings missing?

where to download this one, you have alink?
7.1.0 build

3775-firmware

7.0.0 pipvpn version

1022-modem supp.

for my balance one core

@erictrejeros

Please upgrade your device using the latest firmware and the fixes is included in the latest firmware version.

1 Like

@sitloongs
@henrickd

i think is not compatible to other balance to connect beacause they have older version . 7.1.1

how to configure 1 dsl fiber isp and 1 ipvpn isp in balance

with the same time connection/?