Multiple S2S VPNs with AWS can't be established after internet break


All Replies

  • gb5102
    gb5102 Posts: 25  Freshman Member
    It appears you already figured out your issue, but I just wanted to point out that DH groups 16 thru 18 have known issues, I believe it started in v4.39.
    From firmware release notes:
    IKE v2 Proposal mix not working (DH16, DH17, DH18)


  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @gb5102,

     

    Thank you for your comment. 

    All firmware versions after v4.62 include the fix for "IKE v2 Proposal mix not working (DH16, DH17, DH18)".
  • Wojtas
    Wojtas Posts: 49  Freshman Member
    edited July 2021
    Hi @Zyxel_Can

    Maybe you fixed the DH group issue, but the devices are too slow for this. When the tunnels were being negotiated, the GUI was very slow and showed a lot of CLI errors, and the CPU was running at 90%... and that's why the tunnels weren't established.

  • Ian31
    Ian31 Posts: 165  Master Member
    DH19 (ECP256) and DH20 (ECP384) are supported by Azure. (DH21 is not supported.)
    They are an alternative to DH16, 17, 18 with the same security strength, but fast.
     
  • gb5102
    gb5102 Posts: 25  Freshman Member
    Zyxel_Can said:

    Hi @gb5102,

     

    Thank you for your comment. 

    All firmware versions after v4.62 include the fix for "IKE v2 Proposal mix not working (DH16, DH17, DH18)".

    Are you saying the known issues with DH16/17/18 are fixed in current firmware versions?
    Because this issue is still listed under the "Known Issues" section in the v4.65 release notes for the Zywall 110.

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @gb5102,


    Sorry for the misunderstanding.

    The fix was actually implemented in the forum release version.

    Currently the latest forum release version is 4.62 WK14:

    https://community.zyxel.com/en/discussion/10639/zld-v4-62-wk14-firmware-release#latest

    The 4.65 forum release will be ready next week.

    You can download the latest updates from the following thread once it is released:

    https://community.zyxel.com/en/categories/firmware-release

