#2, 28th March 2012
jggimi

The IPSec change (around 4.7 or so) was a change to HMAC-SHA2 algorithms used for authentication between nodes. As long as your nodes are using a different authentication, you avoid the authentication compatibility issue.

IIRC, the "quick auth" uses HMAC-SHA2 by default, and that is the only default that needs to be altered to allow nodes before and after the change to interoperate.

Since you were in this interoperability mode, but are no longer, did you return to the HMAC-SHA2-256 default for quick mode authentication in both directions?

---

I don't know much about IPSec under the covers. I'm just a user, and I upgraded my nodes simultaneously and never needed to switch authentication technologies. But since your log is filled with errors associated with quick authentications, I would look to quick auth misconfigurations between nodes.