Version 2.4.1 Breaks IPsec Status Screen ?

barnettd · Oct 25, 2017, 3:11 PM

I updated to 2.4.1 on an SG-2440 with a dual wan failover config, and am no longer able to connect or disconnect IPsec tunnels. This was a critical function as IPsec does not seem to rebuild on the active WAN in a tiered failover config after a wan failure.

In the attached screenshot the IPsec status page now shows 2 entries for the same tunnel using the local IP for each WAN interface. Clicking Show child SA entries, Disconnect, or Connect VPN all have no effect.

I thought it might be a cache or browser issue, but its the same in IE, Chrome, and Firefox. Anyone else experiencing this?
![2.4.1 IPsec Status Screen.PNG](/public/imported_attachments/1/2.4.1 IPsec Status Screen.PNG)
![2.4.1 IPsec Status Screen.PNG_thumb](/public/imported_attachments/1/2.4.1 IPsec Status Screen.PNG_thumb)

wickeren · Oct 25, 2017, 3:48 PM

Yup, see my post here:
https://forum.pfsense.org/index.php?topic=138775.0

barnettd · Oct 25, 2017, 4:00 PM

Wow, bummer :(
Glad I haven't updated any production boxes, guess we just have to wait for the fix.

I did some quick testing on the WAN failover. It seems that now if a tier goes down, the IPsec tunnel can be rebuilt by clicking the stop service button, and then starting it back up a few seconds later.

Exordium · Nov 1, 2017, 8:10 AM

@barnettd:

I thought it might be a cache or browser issue, but its the same in IE, Chrome, and Firefox. Anyone else experiencing this?

Confirmed. -> https://forum.pfsense.org/index.php?topic=139163.0