IPsec configuration files lost after reboot.
-
You don't need to start IPsec from the CLI. pfSense will start the IPsec service on its own if you have everything setup and enabled properly.
You are most likely not passing the correct set of parameters for it to read the correct configuration.
-
Ok so how can i ensure that i have setup it correctly and it will be able to start the service its own.
-
Use the GUI to set it up, and have at least one enabled P1+P2, the rest should happen naturally.
Unless you are making manual modifications or trying to do something the GUI doesn't support, you shouldn't have to take any special steps here.
-
But the configuration came from the gui. Enabling mobile clients phase 1 + phase 2 and last l2tp. Thats it. When i am restarting the vm i issue the command ipsec status and nothing is appear. Clearly something is worng.
-
@artemis Hay
To help you answer the questions
Sorry for my English- during PF booting there is a message "Configuring IPsec VPN...done" ?
- After booting there is in the /var/etc/ipsec/ file strongswan.conf ?
- IFCONFIG shows that there is an enc0 interface after booting?
-
@Konstanti Hello and thank you for your reply.
- It shows that the IPsec VTI interface is done( Nothing about IPsec VPN and i saw the L2TP vpn configured ok)
2)There is no ipsec folder inside etc :( (It shows the l2tp but not the ipsec)
3)Yes there is an enc0 after booting.
- It shows that the IPsec VTI interface is done( Nothing about IPsec VPN and i saw the L2TP vpn configured ok)
-
@artemis enc0 UP or DOWN ?? after booting
-
It seems to be down.
-
@artemis This means that IPSEC is not enabled at boot time
Or missing phase 1
Or phase 1 is disabled -
This post is deleted! -
@konstanti Try to set IKEV2without the l2tp/IPSEC
From the documentation
We strongly recommend using another solution such as IKEv2 instead of L2TP/IPsec. -
-
@artemis Unfortunately, nothing is visible
-
@artemis https://www.netgate.com/docs/pfsense/book/ipsec/mobile-ipsec.html
-
Ok. To describe it, am showing you that the phase1 is enabled from the gui and the interface is not up.
-
@artemis
When booting the PF checks whether it is enabled to initialize IPSEC
If not , enc0 set to down
And files strongswan.conf, ipsec.conf,..... not createdTry to configure access using IKEV2 without l2tp
-
Ok how can i say to my pfsense to check the IPsec on the boot, because as i told you before it doesnt check it. My remote hosts do not support ikev2
-
@artemis he picture shows that phase 1 is disabled from gui (your configuration)
Phase 1 is enabled (my configuration)
-
Right now i am feeling that i want to dig a hole and put myself in. I thought that green (Enabled) was the status of the phase 1. Omg and the worst part is that i am a network engineer(CCNP). OMG. Thank you very much.
-
@artemis said in IPsec configuration files lost after reboot.:
I thought that green (Enabled) was the status of the phase 1.
There is a big difference between Enable and Enabled.
