It looks like you're using the webgui cert as the server cert? It has to be a cert created against the server CA.
It also looks like the TLS key is different. Both ends must have the same TLS key.
You also still have a bunch of routed tunnel settings like pushing routes and adding gateways. But I'd fix up the cert/key first before looking at that.
I found the issue: I changed the OPT1 name and it would not change in the config.xml, so it does not bind to the new name. I set it back to OPT1 after seeing that the config.xml did not recognize this as selected for the UPnP section of the code, and it worked.
Restarting only ospfd produced nothing, but restarting the pfSense 2.7.2 box output this on pfSense+ 24.03:
2024-05-06 10:56:04.896 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor.
2024-05-06 10:56:09.660 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor.
2024-05-06 10:56:11.667 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor.
2024-05-06 10:56:22.682 [WARN] bgpd: [JG0WZ-7X009][EC 33554504] 10.255.255.254 unrecognized capability code: 128 - ignored
2024-05-06 10:56:24.339 [INFO] bgpd: [M59KS-A3ZXZ] bgp_update_receive: rcvd End-of-RIB for IPv4 Unicast from 10.255.255.254 in vrf default
There are several threads about boxes with N100 CPUs specifically where the default power settings in the BIOS interact unexpectedly with the speedshift driver in FreeBSD/pfSense.
You would usually add VIPs (IPAlias) on the WAN for each additional public IP. Then change the outbound NAT rules to manual and add rules for the internal subnets via the appropriate VIP.
@Gertjan Thanks, the trick at the end was "just" the cert; it is not mentioned explicitly in the post with the command, but it is part of the actions to take.
For the benefit of the forum, the command to run is
certctl rehash
This info is from the pfSense Troubleshooting Manual.
Solved !
Thanks !
I rediscovered this today restoring two 3100 configs to 2100s. Short version, clicking Save before clicking Apply does work. Clicking Apply first results in an inaccessible router (aside from console).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.