IPSec unstable since upgrade to 2.2
-
That's what backup are for :)
-
I have a config backup but not the install since I installed a version some revisions back. I could put that one up and spend time going from one version to the next or just install IPCop with the latest stable release. Since 2.2 is not a stable release there should be at least 1 version back available for download.
-
there should be at least 1 version back available for download.
http://files.nyi.pfsense.org/mirror/downloads/
-
I have also trouble with IPSec since upgrading from 2.1.5 to 2.2
My problem is that most of the tunnels are going down after the phase 1 lifetime expires. Restart of IPSec service does not help. I have to restart the whole firewall. After reboot all tunnels coming up automatically until again phase 1 lifetime expires…
Have anybody some idea?? THANKS!!
-
http://files.nyi.pfsense.org/mirror/downloads/
Thanks doc.
twaldorf, I found this happening too. Most of the time the phase 2 would come up after disconnecting and reconnecting the Phase 1. Note that if you have more than 1 Phase 2, only one of them will actually work even though the other show as up. Have you tried stopping and starting IPSec itself? Not just the Phase 1. I also use that a few times each day to get the link working again. I had to merge a few of my ip ranges at the various offices around the world to use a single range so that I could delete all the Phase 2s except 1.
-
I restarted the whole IPSec service. That didn't help. Also all (!) my tunnels have more than 1 phase 2, but only some of them are going down after phase 1 lifetime expires. For me it is no solution to reduce the number phase 2 because we have also an OpenVPN server running and want to allow all OpenVPN users to use the IPSec connections which is only possible if you tunnel the OpenVPN range to a second phase 2 in IPSec.
-
I just noticed something! The tunnels which are going down after phase 1 lifetime expires have ENABLED dead peer detection. The ones which are still alive after phase 1 lifetime expires have it DISABLED !
So it could be that there is an issue with DPD in pfSense 2.2 ???
-
DPD is already disabled on all my tunnels
-
DPD is already disabled on all my tunnels
The problem here is… that people with broken IPsec yet again recycled a thread for dumping all kinds of different issues here. There's is no generic "IPSec unstable" issue with a single cause.
Unless you are 300% sure you have exactly identical issue with the OP, kindly start your own thread, providing logs and relevant IPsec configuration bits.
-
There's is no generic "IPSec unstable" issue with a single cause.
For sure there IS SOME KIND of issue with IPSec after upgrading from 2.1.5 to 2.2
If have MANY different tunnels with different settings to all kinds of other firewalls (incl. pfSense, Cisco, WatchGuard, etc., etc., etc.). After upgrading 12 of 19 tunnels now have issues.
-
I have already started my own thread, but it's stalling.
Can't hurt to see what others do to find a solution for this -
For sure there IS SOME KIND of issue with IPSec after upgrading from 2.1.5 to 2.2
Please, read again. You won't get any issue fixed by posting generic rants and hijacking other people's threads with problems caused by something different (or caused by something unknown since people actually don't post any relevant info usable for debugging either.)
-
I have posted logs requested here: https://forum.pfsense.org/index.php?topic=87943.0
-
For sure there IS SOME KIND of issue with IPSec after upgrading from 2.1.5 to 2.2
Please, read again. You won't get any issue fixed by posting generic rants and hijacking other people's threads with problems caused by something different (or caused by something unknown since people actually don't post any relevant info usable for debugging either.)
OK - I will start my own thread. But I would like to know how many SINGLE threads needs to be opened until you and other see that THERE IS A GENERAL PROBLEM with IPSec since 2.2 !??!
-
so my 18 ipsec tunnels with multiple phase 2 on 2.1.5 and older have worked for over 5 years, connecting to cisco asa, sonicwalls, fortinets, watchguard and other pfsense firewalls.
after the upgrade i read the requirement to use main and also recommendation to switch to IKEv2, did all that and still problems persisted.
i did delete some tunnels completely and recreated from scratch and manually creating the phase 2, still problems.
decided to use only 1 phase 2 on all tunnels and ipsec is stable now, using main mode with IKEv1 and using IKEv2, but i need that second network back in the tunnels, so this weekend i will revert back to 2.1.5.
-
I have also trouble with IPSec since upgrading from 2.1.5 to 2.2
My problem is that most of the tunnels are going down after the phase 1 lifetime expires. Restart of IPSec service does not help. I have to restart the whole firewall. After reboot all tunnels coming up automatically until again phase 1 lifetime expires…
Have anybody some idea?? THANKS!!
May be the same like IPsec silenty dies?
Regards,
Peter -
It seems that I am experiencing the same issues/symptoms that are described with multiple P2.
There is quite a bit of information on this thread that I have tried already and some that I applied additionally.
The P1 remains up but no traffic are passed.I would like to know what can I do to help, going back to previous version is a easy thing to do, but if there is anything I can help with, please let me know, and I will be glad to do so.
-
Sorry to resurrect this thread… but I'm facing the same problems with an IPSec tunnel between two pfSense 2.2.4.
The problem really started after the upgrade.
-
The issue in this thread was solved several versions ago, you're not having the same issue. Please start a new thread describing what you're seeing.