Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN overview not working properly

    Scheduled Pinned Locked Moved IPsec
    2 Posts 1 Posters 985 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      geocast
      last edited by

      Good Morning

      Since a few day I been having trouble with the IPSEC overview diag_ipsec.php
      When I try to open it, it either takes ages to load (Can take up to 5 Min) or it doesn't load at all.
      Towards that I had the issue, that all VPNs would crash (currently 38 in total) after a few minutes.

      First it was the issue that the kern.ipc.nmbclusters was to small. I raised it to 1.000.000 and since then I had no more issues with this.
      The VPN crashes seem to have ceaset since I reinstalled pfsense over itself.
      But the trouble with the overview is still a problem

      The only thing I can find are these logs

      Oct 13 08:51:39 fw php-fpm[31282]: /diag_ipsec.php: XML error: Mismatched tag at line 2 in /tmp/smp_status.xml
      Oct 13 10:01:33 fw php-fpm[19611]: /diag_ipsec.php: Error during reading of status from IPsec

      and a crash report

      PHP Errors:
      [13-Oct-2015 09:07:05 Europe/Zurich] PHP Fatal error:  Maximum execution time of 900 seconds exceeded in /etc/inc/xmlparse.inc on line 84

      Filename: /var/crash/minfree
      2048

      I'm running PFSence on an Alix APU 1D4 with PFsense 2.2.4
      Addons I only have pfblockerng, which I uninstalled to test, but no results.

      Any advice what to do next?

      Thanks!

      EDIT:

      Just saw that I can't even stop the IPSEC service. When I press Stop, it says it's been stoped and carries on and the VPNs won't start either

      Logs from IPSEC are justed flooded with

      charon: 03[KNL] creating rekey job for CHILD_SA ESP/0x24a4dad5/83xxxx
      Oct 13 10:33:12 charon: 03[KNL] creating rekey job for CHILD_SA ESP/0x5c1c4cc5/8xxxx
      Oct 13 10:33:12 charon: 03[KNL] creating delete job for CHILD_SA ESP/0xd7aaa1e0/83.xxx

      1 Reply Last reply Reply Quote 0
      • G Offline
        geocast
        last edited by

        Seems to be linked to this problem

        https://forum.pfsense.org/index.php?topic=99604.0

        I've updated to the latest 2.2.5 Version today.

        Report back how I goes

        UPDATE:

        Seems to have done the charm.
        Issue that I have left, is that the SAD tab is flooded with entries. Most of them coming from the same IP.

        Is there a way to manualy clear all of them?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.