vitaprimo:
I've been bouncing back and forth on whether I should post this in General or under IPsec; since it seems to be happening only with VPN connections, IPsec won. Anyway…
Last week, after repeatedly failing to set up a VPN server because of issues with pfSense dropping or delivering modified data to hosts (https://forum.pfsense.org/index.php?topic=131763.0), I went back to pfSense itself as the VPN host. I spent the day looking for the strongest ciphers compatible with Windows 8 and Apple devices and then moved on to more pressing issues. The day before yesterday I tried to set up a new site-to-site tunnel, and on the first try I let it fail so I could gather some info from the logs, but when I went to them there weren't any.
The last logging was from two days earlier at that point. I went to the dynamic firewall log and tried connecting client-to-site; the connection came up, but there were still no logs on ports 500, 4500 or IPsec. My devices can still connect (client-to-site; I didn't finish setting up site-to-site), but I have no logging whatsoever of anything happening. I went to the log settings and upped them to the level just before raw so I'm able to read them, but still nothing.
I have Suricata installed, and after setting up the VPN I modified Suricata to block connections and set the IPS Mode to Inline, which prompted me to disable some checks under the advanced system settings (NIC-related stuff). Yesterday, when I noticed the no-logging thing, I undid the changes: I rechecked the boxes and set Suricata's IPS Mode to Legacy Mode, but I still get no logging. I don't recall doing anything else that could've impacted IPsec logging.
Can I reset the logging module or something like that? I have no idea what to do. :/