Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPsec Status Issue on pfSense 2.4.2

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    7 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 2
      2fast4u2
      last edited by

      Hi,
      I recently upgraded my pfSense software from 2.4.1 -> 2.4.2.
      There is a strange issue on the IPsec Status page.
      The VPN has only 1 P2 entry, but on the status page it shows 2, each with different statistics and ID.
      Not sure if relevant, but when we were running v2.4.1, we were affected by this issue: https://redmine.pfsense.org/issues/8003
      Screenshot_112217_124120_PM.jpg
      Screenshot_112217_124120_PM.jpg_thumb
      Screenshot_112217_123645_PM.jpg
      Screenshot_112217_123645_PM.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Are the numbers on both entries increasing? The status page had some issues before where it wasn't always showing you everything that was present in strongSwan, and now it is. It's possible those were always there but you were not seeing them.

        It is not necessarily indicative of a problem, however. In your case it appears to have established a new P2 and the old one will expire shortly, based on the timers.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • 2
          2fast4u2
          last edited by

          The tunnels are working properly.
          I checked back a few mins later, the entry with the smaller 'Life' disappeared.
          For another VPN (P1) entry, I manually pressed 'Disconnect' on the faulty P2, and it disappeared as well.
          The strange part is the 'Rekey' was showing a negative number which was growing.
          Before disappearing, the traffic on the faulty P2 appears to have been inactive.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The rekey being negative is something I'd expect to see in that case. The old P2 was didn't get rekeyed since a new P2 was established, so the older one was allowed to expire.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • 2
              2fast4u2
              last edited by

              I checked back on the IPsec Status Page. The 2 P2 entries came back.

              Screenshot_112217_015124_PM.jpg
              Screenshot_112217_015124_PM.jpg_thumb

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Same situation. It made a new P2 when it was time to rekey and switched over to that, the old one will expire naturally when its lifetime is over.

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • 2
                  2fast4u2
                  last edited by

                  OK, Thanks for you insight!!ย  8)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.