2.5 upgrade broke some, not all, IPSEC
-
You might have to manually stop IPsec and then start it again from Status > Services to ensure the disabled parts are fully deactivated for this kind of test.
There is a problem with the status page showing incorrectly; that's already got a fix in (https://redmine.pfsense.org/issues/11435).
-
@jimp The service doesn't stop, even if doing manually from Status > Services. I click on the stop icon, and it just refreshes to another stop icon. The service never actually stops.
The tunnels are verified to still be up as they're passing traffic (I can reach the private IPs on the other ends).
Re the status page not appearing correctly, I actually have applied the following patches already:
ead6515637a34ce6e170e2d2b0802e4fa1e63a00
57beb9ad8ca11703778fc483c7cba0f6770657ac
c09137ab4726dc492c658c27b6c46e25f0fbb55b
-
Do you have something like Service Watchdog set up which might be restarting it when it shouldn't be?
-
Nope. Nothing like that. It's pretty much a stock setup.
I've been informed that in addition to this IPSEC issue, SIP traffic is not passing. Unrelated items, yes. But both issues came after the update.
My concern is that there are things that have been mangled in the upgrade process, especially considering this box started as a MUCH earlier version of pfSense several years ago. We may have to simply export the config, spin up a fresh install and import the config across.
-
Before doing that you might want to reset your browser cache to make sure it isn't using outdated JS/CSS. Maybe something there is tripping up the service stop/start buttons.
-
@jimp Thanks. Yeah, that wasn't it. I even switched browsers. Something is, I'm afraid, really wrong with this thing.
-
@gtoger make a config backup and then reinstall from scratch..then try restoring the config..see if that helps.
-
@hescominsoon It's not what I wanted to do, but I did it.
Did it solve the problem? Nope. Still have a failure to connect this tunnel.
Could it be that we're going between a pfSense CE and a pfSense+ on a Netgate device? Would seem awfully dang strange. But I'm convinced there's a bug here someplace.
-
Hello,
I can report the same problems with my VM - Hardware pfSense and Tunnels
BR
Martin
-
Try to resave/reapply the Phase 1 parameters for your tunnels,
this could be related to https://redmine.pfsense.org/issues/11455
-
This thread is getting out of hand like the previous one. We need to keep each thread for ONE issue only, not for multiple unrelated things that happen to be in IPsec.
See my previous response at https://forum.netgate.com/post/964752
Before reporting any issues, please look at the list of recent IPsec issues and apply fixes/workarounds from there to eliminate known causes.
You can install the System Patches package and then create entries for the following commit IDs to apply the fixes:
ead6515637a34ce6e170e2d2b0802e4fa1e63a00 #11435
57beb9ad8ca11703778fc483c7cba0f6770657ac #11435
10eb04259fd139c62e08df8de877b71fdd0eedc8 #11442
ded7970ba57a99767e08243103e55d8a58edfc35 #11486
afffe759c4fd19fe6b8311196f4b6d5e288ea4fb #11487
2fe5cc52bd881ed26723a81e0eed848fd505fba6 #11488
Please refrain from replying to someone else's thread with a "me too" until there is confirmation that your issues are really the same and not just similar.
I'll split some of these off into their own threads if they don't already have them, but for now, this one is locked.