Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC VPN

    General pfSense Questions
    3
    3
    278
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alex992
      last edited by

      After creation and connection, ipsec VPN status shows one phase1 and two phase 2 connection.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Impossible to say without more information there but that's not necessarily a problem.

        Can we assume that there is only one phase 2 config?

        If it's set to make before break for example that can still be fine. As long as it moves traffic to the new SA after it's created.

        Steve

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          If you just see two, it's probably OK and a normal part of (re)negotiation depending on which side does what.

          If you get more and they start piling up, then you might need to adjust the settings:

          https://docs.netgate.com/pfsense/en/latest/troubleshooting/ipsec-duplicate-sa.html

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.