cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3422
Views
0
Helpful
20
Replies

[RV345] Client-to-site VPN auth error after 1.0.03.24 firmware upgrade

adamwood
Level 1
Level 1

Since receiving an automated firmware upgrade to 1.0.03.24 this week, all client-to-site VPN connection are failing on our RV345. The relevant parts of the logs (more can be provided if needed) appear to be:

info vpn charon: 10[IKE] PAM authentication has received the connection name 'c2s_vpn'
error vpn charon: PAM no modules loaded for `s2s-vpn' service
info vpn charon: 10[IKE] XAuth pam_authenticate for 'vpntest' failed: Permission denied

This occurs both with our Radius authenticated user group as well as a local user setup (per logs) to rule out a Radius issue. The obvious error is regarding a missing module for the 's2s-vpn' service, yet this is a 'c2s-vpn' tunnel. I can't find any reference to this error in search results or community posts, nor anything relevant in the release notes for this release, so any help would be appreciated.

20 Replies 20

CitNetGuy
Level 1
Level 1

Hi,

 

There seems to be an issue with New firmware 1.0.03.24 blocking traffic in general current configurations.

There is one person that did a reset after update and reconfigured but experienced anomalies.

New firmware 1.0.03.24 for rv340w - Cisco Community

 

 

 

 - You may  want to further escalate this problem :

           https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M,



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Thanks for pointing me to this, I hadn't seen it. Good to know we're not alone with this.

Unfortunately, it looks like the only 'solution' presented there is to roll back to 1.0.3.22, which we were hoping to avoid. We'll hold off on doing that for as long as possible in the hope that an actual solution is found, otherwise will go with that and disable automated updates to avoid this. Although I'm not sure what we (and others seemingly) as supposed to do if a security release is issued in future.

adamwood
Level 1
Level 1

UPDATE:

Reverting to 1.0.3.22 has resolved this. Thankfully we had a config backup from prior to the automated update, so we factory reset the device, installed/reverted the firmware, then imported the backup config (and disabled automated updates). VPN connections are working again as previously.

This means that we, along with others seemingly, cannot apply further updates to this device until this issue is resolved, rendering the further year of security updates on the device redundant currently. If would be good if someone from Cisco can log this as an issue.

 

          ...> If would be good if someone from Cisco can log this as an issue

                                 The common practice is for customers to take action :

        https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

I also had to roll back to 1.0.3.21 (didn't try even the 1.0.3.22, went straight to 1.0.3.21 I had before). I had a perfectly working setup, but then Radius stopped working with the update to 1.0.3.24. I get these warnings in the log:

https://slack-files.com/T0BA8B8G1-F02REN1SWEP-858aee79c6

pptp: rc_read_config: can't open /etc/radiusclient/radiusclient.conf: No such file or directory

pptp: RADIUS: Can't read config file /etc/radiusclient/radiusclient.conf

 

Something clearly broke.

 

andresdn
Level 1
Level 1

Yesterday I reached Cisco Support for 2 RV-340 with connectivity issues upgrade to .24. Send logs and configurations to Cisco for analisys. First response was "you should roll back to 1.0.03.22 or do an upgrade to 1.0.03.24 + factory reset + configure from start". I wasn´t pleased with those solutions so they scaled the issue to a sustaining enginner. They promised me 24/48 hs with a feedback.

egatec
Level 1
Level 1

I have the same problem with the latest version 1.0.03.26, I'll rollback to 1.0.03.22 where there is no problem... It looks like Cisco y releasing the upgrades without fixing the issues...

After testing for the last 2 weeks, Cisco workaround didn´t fix the issue so rollback to 1.0.03.22 is the best solution by far.

Hi,

exactly, also tring with version 1.0.03.26 there is the same vpn issue....I'll rollback to 3.22....

I can confirm that 1.03.26 also screws up VPN authentication using both Cisco AnyConnect client and Baked in Cisco IPSec client backed into iOS and MacOS 12.2.  Please get this fixed Cisco.  It is the primary reason my business bought the router was the amount of VPN client options and AnyConnect.  

 

 

                         >....Please get this fixed Cisco

 FYI : https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M. 



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

All,  

 

I spoke to a support engineer

and have a case open.  They are recommending upgrading to 1.03.26.  Then doing a factory reset.  Then MANUALY reconfiguring the router’s settings.  I asked about restoring my config from .22 and he said there are differences and configuration changes so best approach is do a manual reconfigure.  I am on the fence on doing it as it is time consuming and I am not if this will fix it the VPN issue?  Obviously I will do a full backup again of my 1.03.22 setup to a PC and have both firmwares….for a roll back.  Oh and the RV’s have been discontinued due to the chipset shortage. Supposedly a new model or two is in the pipeline. 

Did you end up staying on .26 and reconfiguring from scratch? Did that resolve the issue? 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: