Netgate Discussion Forum

2.1 ipsec broken

    ccb056
    last edited by Nov 15, 2013, 3:29 AM

    It seems that somewhere between 2.0.3 and 2.1 ipsec got broken.

    I notice this happens a lot when my modem restarts.  It will bring down the ipsec tunnel (obviously).
    However, in 2.0.3 when the modem comes back the ipsec tunnel comes back up.
    In 2.1 the tunnel doesn't come back until racoon is restarted.

    :(

      Thowie
      last edited by Dec 5, 2013, 9:00 PM

      Hi,
      I've got the same error. Sometimes the phase1 doesn't get up… And I don't see any try in the logs of racoon... But on the other side (DrayTek router) I see that the router tries it every 30 seconds.
      But in racoon no logline.
      After I restart racoon everything works great...
      Best regards
      Thomas

        ccb056
        last edited by Dec 11, 2013, 10:24 PM

        I have created a bug in redmine for this:

        https://redmine.pfsense.org/issues/3321

          ccb056
          last edited by Apr 14, 2014, 11:10 PM

          This is broken again in 2.1.2

            cmb
            last edited by Apr 15, 2014, 1:39 AM

            Nothing related to this changed from 2.1.1 to 2.1.2, very few things changed at all between, it was only a few days. Going to need more info.

              ccb056
              last edited by Apr 15, 2014, 1:53 AM

              Chris, it's pretty easy to replicate.

              Get an IPSEC tunnel running on a 2.1.2 amd64 box, powercycle the modem on the pfsense box, and then watch how racoon never brings the tunnels back when the modem regains connection.

                Thowie
                last edited by Apr 28, 2014, 9:22 AM Apr 28, 2014, 9:18 AM

                Hello,
                the error still exists in Version 2.1.2… You can't see any logs... but the tunnel won't get up... If you restart racoon or reboot the firewall everything works...
                FYI: We installed pfsense in vmware and use carp ip for vpn,
                and we updated from running pfsense 2.03 boxes...

                THX

                  doktornotor Banned
                  last edited by May 3, 2014, 2:02 PM

                  Anyone to post some real info here? "Oh noes it (still) no workie" is absolutely useless…. WFM.

                    mix_room
                    last edited by May 8, 2014, 8:07 AM

                    THIS thread also has problems with IPSec and CARP. Likely the issue is related.
