Route10 Firmware 1.5a Released!

Alta-MikeD · June 3, 2026, 10:38pm

A new firmware release is now available for Route10, continuing to expand the platform’s VPN capabilities with a focus on higher throughput for encrypted connections.

Add support for hardware-accelerated IPsec “turbo,” with near gigabit VPN speeds.

IPsec acceleration will be enabled automatically if Acceleration is enabled on the device.

This update is being rolled out now. You can manually initiate the upgrade if you’d like, or it will automatically update overnight (if auto-updates are enabled). The complete, up-to-date changelog is available here:

If you have questions, feedback, or run into any issues, feel free to reply here or start a new topic. Including configuration details or relevant logs where possible helps us troubleshoot and respond more quickly.

barhom · June 4, 2026, 7:44am

Hey,

Thanks for the update. Any update for VPN is welcome.
This unfortunately broke our IPSEC tunnel, we are examining now however it seems like there is some crypto mismatch between Route10 and the other side that happened after the update.

We would like to see more debug/status in the webui for the IPSEC tunnels to better help to see what it is that is failing.

Unflawed · June 4, 2026, 11:51am

I think it’s the hardware acceleration that causing IPSec tunnels to break. Try turning it off by using the system helper script:

/lib/sh/ipsec-accel.sh off

Unflawed · June 4, 2026, 12:06pm

Aside from IPSec, there’s also an issue introduced with mwan3 (pbr related) which broke my Tailscale setup.

barhom · June 4, 2026, 12:33pm

We found this in the error logs,

"

Jun 4 08:31:51.258 Route10 kern.warn kernel: [ 7151.536836] Db entry not found for the given algorithm <echainiv(authenc(hmac(sha512),cbc(aes)))>

Jun 4 08:31:51.258 Route10 kern.warn kernel: [ 7151.536840] Failed to find driver name for the crypto algorithm: echainiv(authenc(hmac(sha512),cbc(aes)))

Jun 4 08:31:51.258 Route10 kern.warn kernel: [ 7151.536841] Crypto Initialisation failed

Jun 4 08:31:51.258 Route10 kern.warn kernel: [ 7151.536845] 00000000337b3427: unable to initialize xfrm_state

"

barhom · June 4, 2026, 12:36pm

is this persistent over reboot? We disabled acceleration globally on the router and rebooted but not sure if thats good.

Unflawed · June 4, 2026, 12:46pm

No. You have to use post-cfg.sh and add it there.

jmszuch · June 4, 2026, 12:46pm

I don’t have an IPSec tunnel to test with myself, but I’d expect a reboot to revert the change made from the command line. I’d run that command and see if it resolves the issue without rebooting the Route10 first. If it does, then that command can be added to a post-cfg.sh file to keep it persistent until @Alta-MikeD or someone can dig into the issue further

Unflawed · June 4, 2026, 12:53pm

This is the 2nd time an update broke my setup so I will disable automatic updates for now.

austin.payne · June 4, 2026, 4:05pm

@barhom @Unflawed Thanks for the reports, we’re taking a look into the issues you reported. Could you share your IPSec config (minus PSKs) via DM?

You can disable hardware acceleration in the route 10 config window, under advanced, which does survive reboot.

barhom · June 4, 2026, 5:42pm

I just shared the site with Jeff to check.
We did disable hardware acceleration in that config window you mentioned - which worked. But I was worried that that disabled other hardware acceleration other than IPSEC.

austin.payne · June 4, 2026, 6:30pm

This appears to be due an issue in the offload module with the aes* family of ciphers. I’m stilling looking into getting those to fallback to software crypto, but in the mean time if you can switch to the aes*gcm16 family of ciphers, you will be able to turn hardware offload back on.