IPSec status display in 2.4.1



  • After upgrading one of my SG-4680s from 2.3.4 to 2.4.1 over the weekend, the IPSec status display does some "interesting" things.

    First, as tunnels come up, rather than updating the existing line items for the tunnels (and moving them above inactive ones), the webGUI creates new entries displaying the phase 1 SA details without the descriptive identifier from the configuration. This makes it difficult to identify a particular SA without knowing the peer's IP address.

    Second, these new entries include non-functional buttons to show phase 2 SAs. The only phase 2 status is available from the SPDs tab.

    I have more than 100 tunnels in my configuration, with anywhere from 25-30 active at any one time. Exporting and re-importing the IPSec section of config.xml doesn't resolve the issue, so it's not an obvious XML parsing problem. The issue also persists across reboots and theme changes (changing from the default theme to one like "pfSense Dark" or "Compact Red" doesn't resolve the issue). This device's HA peer still runs 2.3.4 and doesn't exhibit this behavior.


  • Update to 2.4.2.



  • Huh. Must have missed the release announcement. I'll drop it in and re-test.

