PFSense 2.5 -> IPSec Widgets shows wrong state

MarcO42

Hi,
after updating to 2.5 the IPSec Widgets shows my tunel offline. But its online.
Did anyone else have the same issue?
Cheers
Marco

viktor_g

@marco42 you need to apply some patches,
see https://forum.netgate.com/topic/161159/client-ipsec-eap-vpn-does-not-work-after-upgrade-to-2-5release/6

MarcO42

@viktor_g Many thx for the hint. This solved my problem with the widget. :) Stay save and healthy:)

peterzy

@viktor_g

I can confirm applying patches:

https://github.com/pfsense/pfsense/commit/95a4e1a0e42392fe4523bf769589f74864446f8c.patch
https://github.com/pfsense/pfsense/commit/4e5857b656c7bfd59efadbb9a124876a5516c7df.patch

Solves the problem.

However, please note that, status pages of both ipsec and openvpn became extremely slow in 2.5 if you have a little more tunnels. In my case around 10 ipsec and around 150 openvpn

MarcO42

@viktor_g Hi, I had installed all the patches and it worked .... until I setup another VPN tunnel. now both are shown as offline. :(
Any ideas?
Cheers
Marco

kitdavis

@marco42 I am seeing something similar on the IPSec status page. I have 18 IPSec connections that are all working. However on the status page, 50% of these connections show up twice. First the connection shows up with a blank name but shows there is a connection:

Then the connection shows up at the bottom of the status screen using the title and shows it is disconnected:

MarcO42

Currently I have only one of two connections online but yes. It looks like this:

Gianluca 0

@marco42 same issue. I've got only one Ipsec Vpn displayed correctly, and I don't know why.

bingo600

On 2.4.5-p1 some of my OpenVPN Status'es also show up as down.
Seems to occur after short ouages , but only for some of them.

I have added the "Gateway widget" , and trust that instead. You'll get latency time and loss ,as a "Bonus" on the Gateway widget.

/Bingo

peterzy

I hope 2.5-p1 will come up soon :)

MarcO42

@bingo600 said in PFSense 2.5 -> IPSec Widgets shows wrong state:

I have added the "Gateway widget" , and trust that instead. You'll get latency time and loss ,as a "Bonus" on the Gateway widget.

Hi Bingo,
but how do you get the IPSec conntections to the Gateway widget? I can only see my "Internet Gateways" (IPv4 and IPv6)
/Marco

bingo600

@marco42
Aren't those Lan to Lan tunnels ?

I don't have any IPSec tunnels , only OpenVPN with an interface per tunnel.
But I did expect IPSec L2L tunnels to use gateways too. And they would show up there.

I might have misunderstood how pfSense handles IPSec L2L

/Bingo

Edit:
Here's how my GW's look , 1 x OpenVPN L2L , and 3 x RoadWarrior servers

MarcO42

@bingo600 said in PFSense 2.5 -> IPSec Widgets shows wrong state:

Bingo

Hi,
yes, its a side2side or lan2lan configuration and its not so nicely shown in the Getaway widget.