Possible bug? IPsec certificate export problem since Core Update 158

Hello all! I’m new here and still evaluating IPFire. This may be a bug or it may be a misunderstanding, and I don’t want to be muddying up the bug reporting system with something that may be intended or misunderstood…

I have been playing with IPsec RoadWarrior VPN tunnels. Several were created before the Core 158 update, all using the defaults through the interface screen. There was no problem using the disk-icon export and then importing the PKCS12 files into Windows 10 and Windows 11 computers.

Since Core Update 158, files exported through the interface are not being recognized by Windows or by KeyStore Explorer running on Windows. This is true of keys generated before and after Update 158. If the files are transferred directly out of /var/ipfire/certs using SCP, they are fine.

The reported size of the files SCP’d into Windows is 16,260 bytes, while the reported size of the files exported through the interface is 5163 bytes, which is very close to the size (5136 bytes) in the Linux file system. This leads me to suspect a possible encoding issue with the export that has only been introduced since Update 158.

I am running IPFire on a Dell R620. Web access has been through Windows 10 and Windows 11, using Opera (which worked prior to Update 158), Edge, Chrome, Firefox and Brave browsers. (I have tested each of them - same results, same file size.)

If this is intended behavior, where would I find it documented? And if not, is this a bug which should be reported?

Thank you!

1 Like

Hey Pete! Welcome to the IPFire Community!

I know there were some changes to IPsec in CU 158. But I don’t know if this changes IPsec for Windows or not. (I am just learning about IPsec)

See:

To me since you mentioned:

I would guess this is a bug.

Are there any import/export errors? Maybe info from the messages log (var/log/messages)? Or messages you see on the screen or messages in the Windows log?

1 Like

Thanks, Pete Celano, for pointing to Update 158.

I have exactly the same problem.

When trying to set up an IPsec roadwarrior VPN, the certificates (.p12 files) downloaded through the IPFire GUI are corrupt.

When I copy the .p12 files via CP from /var/ipfire/certs to a USB stick and import them into Windows 10, they work fine.

When you download the .p12 through the GUI in Chrome by going to

IPFire->Services->IPsec->Connection Status and -Control and clicking on the download icon, they will not import in Windows 10. The error is
can not recognise filetype
or
This file can not be used for personal information exchange

When I look at the corrupt files: for each line but the first there is an extra space, but correcting that manually won't help.

The problems come when updating to Core 158, confirmed by reinstalling the firewall 4 times.

I am new here and don’t know how to file a bug report or what.

Can somebody please help us?

Thank you so much for your effort and time
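The symptoms reported in the posts above (a file size that changes between the firewall and the download, and an extra space after each line break) can be checked directly on an exported file. The following is an added example, not part of the thread and not IPFire code: it verifies that the outer ASN.1 length of a PKCS#12 file matches its size and locates the first byte that differs from a known-good copy. It assumes a definite-length DER file; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

def outer_tlv(data: bytes):
    """Return (header_len, content_len) of the outer DER SEQUENCE, or None."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short-form length
        return 2, first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:  # n == 0 is BER indefinite length
        return None
    return 2 + n, int.from_bytes(data[2:2 + n], "big")

def check_p12(data: bytes) -> str:
    """Classify a file as 'ok', 'not-der', 'length-mismatch' or 'not-pfx'."""
    tlv = outer_tlv(data)
    if tlv is None:
        return "not-der"
    hdr, content = tlv
    if hdr + content != len(data):            # bytes were added or lost in transit
        return "length-mismatch"
    if data[hdr:hdr + 3] != b"\x02\x01\x03":  # PFX version INTEGER 3 (RFC 7292)
        return "not-pfx"
    return "ok"

def first_difference(good: bytes, suspect: bytes):
    """Offset of the first differing byte, or None if the copies are identical."""
    if good == suspect:
        return None
    for i, (x, y) in enumerate(zip(good, suspect)):
        if x != y:
            return i
    return min(len(good), len(suspect))       # one file is a prefix of the other

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample: a minimal PFX-shaped blob, and the same bytes with a
# space inserted after every 0x0A, mimicking the corruption described above.
GOOD = b"\x30\x82\x01\x03" + b"\x02\x01\x03" + bytes(range(256))
BAD = GOOD.replace(b"\n", b"\n ")

if __name__ == "__main__":
    for name, blob in (("scp copy", GOOD), ("gui export", BAD)):
        print(name, len(blob), check_p12(blob), sha256_hex(blob)[:16])
    print("first differing offset:", first_difference(GOOD, BAD))
```

To use it on real files, read both copies with `open(path, "rb").read()` and pass them in place of the constructed `GOOD` and `BAD` values.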

Hi @cok1

Welcome to the IPFire community.

Your IPFire People email address and password also work as credentials for logging into IPFire Bugzilla.
https://bugzilla.ipfire.org/

The wiki provides guidance on submitting a bug and how to write a good bug report:
https://wiki.ipfire.org/devel/bugzilla
Thanks very much.

1 Like

This bug is still occurring in v162.
A bug report is filed here:
https://bugzilla.ipfire.org/show_bug.cgi?id=12672

A patch can be found here:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=f8384fbf8de3406174dd54a4f22d0900b7fbe6dd

Hi @a1337

Welcome to the IPFire community.

That patch commit is in the next branch so it will be released with Core Update 163.