IPsec kernel panic when enabling MSS clamping
-
I can crash the web interface by setting 'Enable MSS clamping on VPN traffic'. Does not matter if I enter a value or keep it blank.
Same issue when using net.inet.ipsec.directdispatch = 0.
Same issue after a a reset of all settings.
Even after a reboot the web interface does not respond. I have to connect a display and keyboard to the pfSense box and reset all settings to be able to work with the web interface again.
-
This is related to a bug in FreeBSD which has been corrected in newer versions.
I recorded it here https://redmine.pfsense.org/issues/4699 for follow-up. -
Is there an easy way for me to resolve this problem right now so that I can work with IPsec?
-
It will be when the patch referenced is put on the snapshots of snapshots.pfsense.org.
Monitor the issue on redmine to have you notify when that is done. -
@ermal:
It will be when the patch referenced is put on the snapshots of snapshots.pfsense.org.
Monitor the issue on redmine to have you notify when that is done.Ok thanks!
-
Coming back to this and re-checking i was not able to see this.
Can you specify if this is a kernel panic or just the webgui?
-
Yes, it completely crashes the webgui. How can I resolve this or help resolving this issue? Strange no one ever seemed to have encountered this same problem?
-
I think you are victim of a bad upgrade here!
Can you show the system logs when this happens? -
@ermal:
I think you are victim of a bad upgrade here!
Can you show the system logs when this happens?I'm running a clean install - but - I did reset my settings a couple of times. I've exported my config and there is no mention of mss clamping. I'll reproduce asap and share the outcome here.
-
I can reproduce it by clean installing pfSense, enabling IPsec and activate mss clamping. No more webgui, no more ssh as soon as I submit. I tried searching the logs via an attached display and keyboard but could not find anything suspicious.