IPsec Status Issue on pfSense 2.4.2
-
Hi,
I recently upgraded my pfSense software from 2.4.1 -> 2.4.2.
There is a strange issue on the IPsec Status page.
The VPN has only 1 P2 entry, but on the status page it shows 2, each with different statistics and ID.
Not sure if relevant, but when we were running v2.4.1, we were affected by this issue: https://redmine.pfsense.org/issues/8003
-
Are the numbers on both entries increasing? The status page had some issues before where it wasn't always showing you everything that was present in strongSwan, and now it is. It's possible those were always there but you were not seeing them.
It is not necessarily indicative of a problem, however. In your case it appears to have established a new P2 and the old one will expire shortly, based on the timers.
-
The tunnels are working properly.
I checked back a few mins later, the entry with the smaller 'Life' disappeared.
For another VPN (P1) entry, I manually pressed 'Disconnect' on the faulty P2, and it disappeared as well.
The strange part is the 'Rekey' was showing a negative number which was growing.
Before disappearing, the traffic on the faulty P2 appears to have been inactive.
-
The rekey being negative is something I'd expect to see in that case. The old P2 was didn't get rekeyed since a new P2 was established, so the older one was allowed to expire.
-
I checked back on the IPsec Status Page. The 2 P2 entries came back.
-
Same situation. It made a new P2 when it was time to rekey and switched over to that, the old one will expire naturally when its lifetime is over.
-
OK, Thanks for you insight!! 8)
