Netgate Discussion Forum

    Unstoppable IPSec charon daemon and no tunnel is working

      shpokas

      Hi,
      I upgraded pfSense from 2.5.0 to 2.5.1 and IPSec stopped working.
      What's more, I cannot stop IPSec in any way, either from the GUI or by killing charon.
      Stopping from the GUI does not seem to have any effect at all, and I see nothing in the system.log or ipsec.log.
      When I kill charon from the terminal, I see this.

      Apr 14 16:40:23 gw charon[35925]: 00[MGR] destroy all entries
      Apr 14 16:40:23 gw ipsec_starter[88762]: charon has died -- restart scheduled (5sec)
      Apr 14 16:40:28 gw ipsec_starter[88762]: charon (32453) started after 40 ms
      

      When I enable a high logging level for IPSec, I see these entries:

      Apr 14 16:41:40 gw charon[32453]: 13[MGR] checkout IKEv1 SA by message with SPIs b842a166ba75a408_i 0000000000000000_r
      Apr 14 16:41:40 gw charon[32453]: 13[MGR] created IKE_SA (unnamed)[10]
      Apr 14 16:41:40 gw charon[32453]: 13[IKE] <10> no IKE config found for GW_A...GW_B, sending NO_PROPOSAL_CHOSEN
      Apr 14 16:41:40 gw charon[32453]: 13[MGR] <10> checkin and destroy IKE_SA (unnamed)[10]
      Apr 14 16:41:40 gw charon[32453]: 13[IKE] <10> IKE_SA (unnamed)[10] state change: CREATED => DESTROYING
      Apr 14 16:41:40 gw charon[32453]: 13[MGR] checkin and destroy of IKE_SA successful
      Apr 14 16:41:40 gw charon[32453]: 13[MGR] checkout IKEv1 SA by message with SPIs b842a166ba75a408_i cb3532f24ed15bef_r
      Apr 14 16:41:40 gw charon[32453]: 13[MGR] IKE_SA checkout not successful
      

      But this particular tunnel from GW_A to GW_B is disabled!
      Actually, I even deleted configuration referring to GW_B completely, but it still appears in the ipsec.log.
      I'd appreciate any help to stop this madness.
      I've rebooted this pfSense twice.
      Thanks a lot in advance.
      shpokas

        shpokas @shpokas

        @shpokas
        This thread got me going, and then, using the same troubleshooting commands, I found I am missing "Virtual IPv6 Address Pool" for the mobile IPSec config. Once I did that, all was good.
        How this was working before the upgrade to 2.5.1, I have no explanation.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
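
An added example, not part of the thread: a small summarizer for the two symptoms quoted in the first post, charon being restarted by ipsec_starter and IKE requests rejected with NO_PROPOSAL_CHOSEN. The sample lines are copied from the post; the function and field names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Sample lines copied from the post above (GW_A/GW_B are the poster's placeholders).
SAMPLE_LOG = """\
Apr 14 16:40:23 gw charon[35925]: 00[MGR] destroy all entries
Apr 14 16:40:23 gw ipsec_starter[88762]: charon has died -- restart scheduled (5sec)
Apr 14 16:40:28 gw ipsec_starter[88762]: charon (32453) started after 40 ms
Apr 14 16:41:40 gw charon[32453]: 13[MGR] checkout IKEv1 SA by message with SPIs b842a166ba75a408_i 0000000000000000_r
Apr 14 16:41:40 gw charon[32453]: 13[MGR] created IKE_SA (unnamed)[10]
Apr 14 16:41:40 gw charon[32453]: 13[IKE] <10> no IKE config found for GW_A...GW_B, sending NO_PROPOSAL_CHOSEN
Apr 14 16:41:40 gw charon[32453]: 13[MGR] checkout IKEv1 SA by message with SPIs b842a166ba75a408_i cb3532f24ed15bef_r
Apr 14 16:41:40 gw charon[32453]: 13[MGR] IKE_SA checkout not successful
""".splitlines()

DIED = re.compile(r"ipsec_starter\[\d+\]: charon has died")
RESTART = re.compile(r"ipsec_starter\[\d+\]: charon \((\d+)\) started")
CHECKOUT = re.compile(
    r"checkout IKEv\d SA by message with SPIs ([0-9a-f]{16})_i ([0-9a-f]{16})_r")
NO_CONFIG = re.compile(
    r"no IKE config found for (\S+)\.\.\.(\S+), sending NO_PROPOSAL_CHOSEN")


def summarize(lines):
    """Summarize charon restarts and rejected IKE requests from ipsec.log lines."""
    out = {"died": 0, "restart_pids": [], "new_exchanges": set(),
           "rejected": Counter()}
    for line in lines:
        if DIED.search(line):
            out["died"] += 1
        elif (m := RESTART.search(line)):
            out["restart_pids"].append(int(m.group(1)))
        elif (m := CHECKOUT.search(line)):
            # An all-zero responder SPI marks the first message of a new
            # exchange, so the remote side initiated it; keep the initiator SPI.
            if m.group(2) == "0" * 16:
                out["new_exchanges"].add(m.group(1))
        elif (m := NO_CONFIG.search(line)):
            # charon logs this pair as local...remote.
            out["rejected"][(m.group(1), m.group(2))] += 1
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"charon died {s['died']}x, restarted as PIDs {s['restart_pids']}")
    for (local, remote), n in s["rejected"].items():
        print(f"{n} request(s) rejected: no IKE config for {local}...{remote}")
    print(f"peer-initiated exchanges: {sorted(s['new_exchanges'])}")
```

Feeding it the full ipsec.log shows at a glance which peer pairs are still sending requests that no configured phase 1 matches, and how often ipsec_starter has respawned charon.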