-
Hi,
After upgrading from 2.7.2 to 2.8.0 after a few minutes I lose all my ipsec vpn tunnels.
they intially work just fine, but after some time traffic stops flowing
the tunnels show as up, but nothing gets routed anymore.
Is this a known issue ?
For now I reverted back to 2.7.2.
-
@jvangent100 said in Upgrade from 2.7.2 to 2.8.0 ipsec:
Is this a known issue ?
No.
Do you see blocked traffic in the firewall logs?
Do you see the packet counters on the tunnels increasing still? In either direction?
-
S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
-
Same here.
We have multiple IPSec, both tunnel and VTI in a kind of hub & spoke layout.
Since "'central" pfSense have been migrated to 25.05 and well as some spoke pfSense, when IPSec starts, P1 & P2 connect and it works but after some time, while both P1 & P2 are still connected, no traffic goes trough IPSec links, I believe because gateways are seen as "off-line".I suspected dping issue but restarting dpinger doesn't help.
The only way to bring tunnel "on" (well, they are seen as "on" in IPSec status) is to stop then start again IPSec daemon.
Something wrong with reauthentication ?
I don't really know how to investigate further, not finding anything obviously wrong in logs. -
Hmm, so the tunnels show as up but no traffic passes including the dpinger traffic? You don't see the tunnel packet counters increasing? Restarting dpinger doesn't change anything?
-
Indeed behavior is exactly this one!
But I need to investigate further whenever some other changes applied. -
It looks like deactivating "make before break" on each side does the trick.
I will confirm hopefully in a couple of days. -
Mmm, I would run a pcap on the interface and see what, if anything, is being sent across the tunnel when it fails.
-
I definitely will do this next week and post here the results. Thank you
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.