Any hints for this? The problem persists and the VPN is blocking 2-3 times per week, it's very annoying. And the same problem happen on two different pfSense installations, so I'm thinking about a miss-configuration or bug. Thank you!

By mistake posted this to Redmine as a 'potential' bug, but was told that they do not support this particular hardware. Would appreciate it if anyone else could potentially reproduce or add additional info that might make further investigation possible...

@daddygo Thanks for the information! It looks like spam : -) (vagy semmilyen eddigi nyelven nem értették meg a problémát és vérprofi google translate felhasználó)

Do you try Intel Quick Assist? It shouldn't be affected.

@richi44 I setup 51 tunnels on Netgate XG-7100 but the problem remains. After Apply changes, which takes more than 4 min Time Out 504 error shows. Could you help me to solve this problem? This is really bad if I want to make quick changes to my tunnels. Thank you.

@jeffsmith82 Freeradius framed-ip addresses. https://forum.netgate.com/topic/115795/guide-ikev2-ipsec-per-user-firewall-rule-settings-with-freeradius

What is their network configuration and what is yours. Did they order a NAT at the source? On the computer below pfsense did you make the route for them? I already had to create an S2S where they gave me a subnet that I should do NAT at the source. Because any traffic on the VPN coming from another subnet was blocked.

@lamaz oh boy /me so sorry only openVPN with nomadic users in use here ip-sec only for site2site sorry

@christ what a strange behavior, after I restarted my PfSense I didn't have any problem related to IPsec or another thing, perhaps I did some incorrect configuration at that time. I'll update you guys if I have another problem related to this. Let me know if I can help you :) Regards, Christian

@metisit Still no progress as I am facing some other issues here. Honestly I start thinking to revert to normal static IPSec, but the fact that I won't have to step in in the middle of a "crisis" and let BGP do its job, keeps my faith to this configuration. As soon as I solve the other issue that I have, I will give it a shot. According to Netgate support, what I mention at the beginning is totally reasonable and can happen. I'll keep you posted. Chris

I figured out the problem - I set up BiNat between several firewalls and determined that the problem was issolated to just the one (new) implementation. Realized that the default LAN to any rule specified the LAN net as the source, changing that to "any" allowed traffic to flow.