Pfsense 2.0 IPSEC won't route until RACOON is restarted
-
yes i am using version 2.0. the packages i have installed are:
country block
open-vm-tools
siproxd
snort
-
I believe this may be the same issue I am having. Can you force this issue to occur, and if so, how?
For me, the two sure-fire triggers I have seen are:
* Connecting, even once, with a Cisco VPN client, and then disconnecting (after which no one can connect)
* Connecting with e.g. ShrewSoft, and then having the connected computer go into standby / hibernate

Please let me know, I'd love to see this fixed and it looks like racoon has several issues going around. It would probably help the devs if we can isolate which issues are related and which are not.
-
You might also want to check http://ipsec-tools.sourceforge.net/ for similar reports.
E.g. discussion and proposed patch at http://sourceforge.net/mailarchive/forum.php?thread_name=20111026130911.GA26984%40zeninc.net&forum_name=ipsec-tools-devel
-
limecat, i cannot verify that it happens with a cisco vpn client. but when i tried putting the computer to sleep while the vpn connection was live with shrewsoft (as you mentioned,) Snort raised an alert and blocked me. once i released the block, shrewsoft connected and routed with no problem. so i cannot force the issue to re-occur. it is random as far as i can tell.
on another note, i would like to thank everyone who has taken the time to respond to my post.
-
dhatz, i read through the link you posted. correct me if i am wrong, but they are talking about creating new tunnels. my issue is not the tunnel creation, it is the routing after the tunnel is already up.
-
try turning off snort. I had to disable snort on my firewall because it was doing the same thing. Course with mine, I have only a single core proc and under full bandwidth (50mbit+) the CPU would go to 100% and start killing other procs. Turns out it was packet processing through snort that was killing ipsec.
-
i tried that already, it didn't change anything.
-
I can confirm I've got the same problem with mobile clients using ShrewSoft on 2 routers in different locations (ver 2.0 final, no additional packages are installed).
It's most likely: http://redmine.pfsense.org/issues/1351
-
Just had this same issue and it seems to be better by going to ipsec - phase1 of mobile client - policy generation set to unique and proposal checking set to obey
http://forum.pfsense.org/index.php/topic,34646.msg197636.html#msg197636
Worked for me.
-
same problem here with mobile Clients using ShrewSoft on ver 2.0 final nanobsd, no additional packages installed
tunnel works well once then the tunnel establishes but nothing flows through it; i need to restart racoon to get it working again