IPSec reconnects after changing virtual ip address settings



  • Hello,

    we are using pfSense 2.3.4 with CARP HA.

    After deleting, modifying or adding new virtual IP addresses as IPv4 aliases, we recognize that some, but not all, IPSec connections are reconnecting (phase 1).
    We did not test whether the issue is limited to IP aliases or also occurs when setting up an IP address with a dedicated CARP ID.

    There is no pattern regarding the used CARP device or the IP v4 addresses. Even clicking the button "Save" on existing addresses without making any changes interrupts some IPSec connections.
    The modified IP address is not part of the IPSec configuration.

    Is this just a normal, wanted behaviour of pfSense because there are technical dependencies, or could this be a bug?

    Actually, we are a little bit scared about this behaviour, as the issue occurred within business hours after deleting old IP addresses and the affected customers recognized the outage.
    As a workaround we will schedule such tasks to a timeframe outside of normal business hours.

    If needed, I can provide more detailed information about our configuration.

    Best regards

