Possible bug with multiple phase 2 entries
-
I have an IPsec tunnel configured on a 2.3.4 pfSense. The IPsec tunnel has 33 phase 2 entries with different remote subnets. This leads to an ipsec.conf configuration file having 33 separate connections for each phase 2 entry, which is fine. However, the problem is that each of these 33 connections has an "esp" parameter like this:
esp = 3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024!
The ESP algorithm is repeated 33 times for every separate connection. Is this expected behavior or is it a bug, and is it actually affecting the IPsec tunnel in any way?
-
https://redmine.pfsense.org/issues/6263
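
A check for the symptom described in the question, as an added example that is not part of the original thread or of pfSense: it parses `conn` sections in ipsec.conf syntax and reports `esp`/`ike` lines whose proposal list repeats an entry, together with the deduplicated value. The function names, the conn names and the sample configuration are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in ipsec.conf syntax (not the poster's file); the
# proposal is repeated 3 times here rather than 33.
SAMPLE_CONF = """\
conn con1000
    esp = 3des-md5-modp1024,3des-md5-modp1024,3des-md5-modp1024!
conn con1001
    esp = 3des-md5-modp1024!
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue  # blank line or comment
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        elif line[0] not in " \t":
            current = None  # some other section, e.g. "config setup"
    return conns

def dedupe(value):
    """Return (repeated proposals with counts, value with repeats removed)."""
    strict = value.endswith("!")  # trailing '!' = strict flag, keep it
    items = [p.strip() for p in value.rstrip("!").split(",") if p.strip()]
    repeats = {p: n for p, n in Counter(items).items() if n > 1}
    fixed = ",".join(dict.fromkeys(items)) + ("!" if strict else "")
    return repeats, fixed

def audit(text, keys=("esp", "ike")):
    """List (conn, key, repeats, deduplicated value) for affected lines."""
    findings = []
    for name, params in parse_conns(text).items():
        for key in keys:
            repeats, fixed = dedupe(params.get(key, ""))
            if repeats:
                findings.append((name, key, repeats, fixed))
    return findings

if __name__ == "__main__":
    for name, key, repeats, fixed in audit(SAMPLE_CONF):
        print(f"{name}: {key} repeats {repeats}; deduplicated: {key} = {fixed}")
```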