hi folks.
I have old ipsec profiles which are not working (long not used) - should I create new ones after regenerating DH and all the stuff assigned with “cryptographic warning” in openvpn section ? is the ipsec section independent from openvpn section - also removing X509 belongs under ipsec section there - or it affects also the openvpn ?
thank You.
p.s. I don’t want to kill and create again 60+ vpn client profiles… 
Hi,
no, this is not necessary (see below).
Yes. 
No removing all X.509 material will only have effect on IPsec. OpenVPN will remain untouched.
It might be helpful or stress-relieving to create a backup of your IPFire’s configuration before removing anything. In case you discover the wrong certificates to be gone, you can simply restore your backup.
Thanks, and best regards,
Peter Müller
well Peter, thank You.
all is going fine, after removing X509 and generating new ones for every of 3 locations and enabling the old IPSec tunnels again - the interconnection begins smoothly work… and, IT HOLDS !!! not like before - it was dropping also was unusable for long term usage…
now We don’t need to create separate VPN tunnels every time We are in any of Our offices - they all 3 are interconnected…
Hi,
thanks for the reply. Glad things work fine now.
Thanks, and best regards,
Peter Müller