Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC will not apply setting

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 384 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      paulhuynh81
      last edited by

      After i upgrade to 2.4.4p3 my pfsense is acting crazy. I am unable to apply IPSEC setting / change unless i reboot the box.

      It stuck on "The IPsec tunnel configuration has been changed. The changes must be applied for them to take effect." and if i wait long enough it will go into 504 ngix timeout

      this is what i get on syslog

      Jul 11 13:31:34 php-fpm /vpn_ipsec.php: WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        What else is logged there?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • P
          paulhuynh81
          last edited by

          nothing just these log i can't understand why... it on a brand new hardware dell

          From IPSEC LOG
          Jul 22 08:56:31 charon 11[IKE] <con3000|563> nothing to initiate
          Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating new tasks
          Jul 22 08:56:31 charon 11[NET] <con3000|563> sending packet: from 100.19.77.74[500] to 216.164.171.58[500] (108 bytes)
          Jul 22 08:56:31 charon 11[ENC] <con3000|563> generating INFORMATIONAL_V1 request 3146799562 [ HASH N(DPD_ACK) ]
          Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating ISAKMP_DPD task
          Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating new tasks
          Jul 22 08:56:31 charon 11[IKE] <con3000|563> queueing ISAKMP_DPD task
          Jul 22 08:56:31 charon 11[ENC] <con3000|563> parsed INFORMATIONAL_V1 request 1238973164 [ HASH N(DPD) ]
          Jul 22 08:56:31 charon 11[NET] <con3000|563> received packet: from 216.164.171.58[500] to 100.19.77.74[500] (108 bytes)
          Jul 22 08:56:31 charon 11[MGR] IKE_SA con3000[563] successfully checked out
          Jul 22 08:56:31 charon 11[MGR] checkout IKEv1 SA by message with SPIs 9d5e1f8e6adf1cbe_i e26f984e1fc164ba_r
          Jul 22 08:56:23 charon 11[MGR] <con1000|559> checkin of IKE_SA successful
          Jul 22 08:56:23 charon 11[MGR] <con1000|559> checkin IKE_SA con1000[559]
          Jul 22 08:56:23 charon 11[MGR] IKE_SA con1000[559] successfully checked out
          Jul 22 08:56:23 charon 11[MGR] checkout IKEv1 SA with SPIs 68e88993f39f80e4_i c2379c57f6bf9e70_r
          Jul 22 08:56:22 charon 11[MGR] <con3000|563> checkin of IKE_SA successful
          Jul 22 08:56:22 charon 11[MGR] <con3000|563> checkin IKE_SA con3000[563]
          Jul 22 08:56:22 charon 11[IKE] <con3000|563> nothing to initiate
          Jul 22 08:56:22 charon 11[IKE] <con3000|563> activating new tasks
          Jul 22 08:56:22 charon 11[ENC] <con3000|563> parsed INFORMATIONAL_V1 request 3928395168 [ HASH N(DPD_ACK) ]
          Jul 22 08:56:22 charon 11[NET] <con3000|563> received packet: from 216.164.171.58[500] to 100.19.77.74[500] (108 bytes)
          Jul 22 08:56:22 charon 11[MGR] IKE_SA con3000[563] successfully checked out

          From System log
          Jul 22 08:00:07 check_reload_status Reloading filter
          Jul 22 04:00:24 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 22 05:00:04 php [pfBlockerNG] Starting cron process.
          Jul 22 05:00:04 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
          Jul 22 09:00:04 check_reload_status Reloading filter
          Jul 22 05:00:37 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 22 06:00:03 php [pfBlockerNG] Starting cron process.
          Jul 22 06:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
          Jul 22 10:00:03 check_reload_status Reloading filter
          Jul 22 06:01:09 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 22 06:14:21 ix-pfsense.inolex.local nginx: 2019/07/22 06:14:21 [error] 9680#100494: *154050 "/usr/local/www/english/index.php" is not found (2: No such file or directory), client: 185.114.76.44, server: , request: "GET http://www.rfa.org/english/ HTTP/1.1", host: "www.rfa.org"
          Jul 22 07:00:07 php [pfBlockerNG] Starting cron process.
          Jul 22 07:00:07 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
          Jul 22 11:00:07 check_reload_status Reloading filter
          Jul 22 07:05:06 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 22 07:31:31 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
          Jul 22 07:31:33 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
          Jul 22 08:00:03 php [pfBlockerNG] Starting cron process.
          Jul 22 08:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
          Jul 22 12:00:03 check_reload_status Reloading filter
          Jul 22 08:00:20 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
          Jul 22 08:25:22 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
          Jul 22 08:25:24 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
          Jul 22 08:34:18 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
          Jul 22 08:34:20 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
          Jul 22 08:44:24 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
          Jul 22 08:44:26 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
          Jul 22 12:57:31 php-fpm /status_logs.php: Successful login for user 'admin' from: 192.168.102.247 (Local Database)
          Jul 22 09:00:03 php [pfBlockerNG] Starting cron process.
          Jul 22 09:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
          Jul 22 13:00:03 check_reload_status Reloading filter

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.