ipsec.conf not updating
-
I am on the latest pfSense release (2.4.3) trying to set up a site-to-site tunnel to a Cisco ASA over the WAN. I went through the GUI and confirmed the settings match, but the tunnel was failing to connect. After much troubleshooting, it turns out that /var/etc/ipsec/ipsec.conf on the pfSense is not updating with any of the settings. It just shows the following:

    # This file is automatically generated. Do not edit
    config setup
        uniqueids = yes

    conn bypasslan
        leftsubnet = 192.168.10.0/23
        rightsubnet = 192.168.10.0/23
        authby = never
        type = passthrough
        auto = route

If I manually edit the ipsec.conf and restart ipsec via command line, it will read and keep my updated settings and start to work like it should... But the file will get overwritten back to what's above with any changes in the GUI.
Seems like a bug. Is anyone else having this issue?
-
Is the tunnel enabled?
No, that is likely not a bug and is likely something you are doing incorrectly. You probably want to post your actual IPsec config screenshots.
-
Thank you for your response, yes the tunnel is enabled.
I have attached screenshots of the config to show the settings I have used that are nowhere in ipsec.conf... I am very curious as to what I did wrong.
-
It looks like somehow that is partially configured as a remote access/mobile VPN. Notice that the Mobile Clients tab is active and you have no remote network configuration controls.
I'm not quite sure how it would have ended up like that. Delete the P2 and P1 and make sure mobile client support is disabled on the Mobile Clients tab, then try again.
-
Thank you! Deleting P1/P2 and recreating them works now.
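
-
Added example, not part of the thread and not pfSense's own tooling: a shell check for the symptom described in the first post, where the generated ipsec.conf contains only the bypasslan passthrough policy and no tunnel conn. The function names are hypothetical, and the sample input is the file quoted in the first post, re-indented.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a generated strongSwan ipsec.conf.

# list_conns FILE: print "name<TAB>type" per conn; missing type means "tunnel".
list_conns() {
    awk '
        function emit() {
            if (cname != "" && cname != "%default")
                printf "%s\t%s\n", cname, (ctype == "" ? "tunnel" : ctype)
        }
        /^[[:space:]]*#/            { next }
        /^conn[[:space:]]+/         { emit(); cname = $2; ctype = ""; next }
        /^config[[:space:]]+setup/  { emit(); cname = ""; next }
        cname != "" && /^[[:space:]]+type[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); ctype = $0
        }
        END { emit() }
    ' "$1"
}

# count_tunnels FILE: number of conns that are not passthrough/drop policies.
count_tunnels() {
    list_conns "$1" |
        awk -F '\t' '$2 != "passthrough" && $2 != "drop" { n++ } END { print n + 0 }'
}

# check_ipsec_conf FILE: return 0 only if at least one tunnel conn exists.
check_ipsec_conf() {
    n=$(count_tunnels "$1")
    if [ "$n" -eq 0 ]; then
        echo "$1: no tunnel conn, only bypass/passthrough policies were written"
        return 1
    fi
    echo "$1: $n tunnel conn(s) present"
}

# Sample input: the file contents quoted in the first post, re-indented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This file is automatically generated. Do not edit
config setup
    uniqueids = yes

conn bypasslan
    leftsubnet = 192.168.10.0/23
    rightsubnet = 192.168.10.0/23
    authby = never
    type = passthrough
    auto = route
EOF
check_ipsec_conf "$sample" || true
rm -f "$sample"
```

Run against /var/etc/ipsec/ipsec.conf after saving a tunnel in the GUI, a non-zero exit means the Phase 1/Phase 2 entries were never rendered into the file.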