Pfsense 2.4.3 ipsec.conf is not updated



  • I have two pfSense boxes (same version) on which I am trying to configure IPsec. I recently noticed that on one of them, even though I see the configuration in the UI,
    the ipsec.conf file is not getting updated.

    - Tried reboot, stop/restart of the ipsec service, and re-creating the IPsec configuration; nothing happens. I have only seen that the configuration below is not changing.

    This file is automatically generated. Do not edit

    config setup
    uniqueids = yes

    conn bypasslan
    leftsubnet = 192.168.2.0/24
    rightsubnet = 192.168.2.0/24
    authby = never
    type = passthrough
    auto = route

    Do you have any idea?


  • Netgate

    You'll have to provide more details. What have you done? What is the IPsec configuration that is not contained in that file? You probably want to post screenshots of what you have done.



  • Information:

    Box 1
    Interfaces
    WAN    -> Currently is down. 
    WAN2  -> Up and running (Default Gateway) Public IP: 33.33.33.33 (fake, for security reasons)
    WLAN1 -> WPA-ENT -> EAP-TLS RADIUS using external WiFi access point. (192.168.25.0/24)
    WLAN2 -> WPA-PSK
    LAN    ->  Up and running.

    No issues with internet connection.

    Box 2
    WAN -> Up and running  Public IP: 44.44.44.44 (fake, for security reasons)
    LAN ->  10.10.35.0/24

    The issue happens on box 1.
    - No issues with firewall access on ports 500, 4500 between the boxes.

    You can see in the attached pictures that I already configured IPsec. (Previously it was working.)
    But interestingly, the configuration is not visible in /var/etc/ipsec/ipsec.conf.
    On the second box I can see that all the configuration (for the 2nd box) is present in the ipsec.conf file and updated correctly.

    I have compared the file rights with ls -l; they are the same on both boxes:
    -rw-r--r--  1 root  wheel  207 Apr 29 15:18 ipsec.conf

    Even if I make a change in the UI, deleting and recreating the IPsec configuration, it doesn't update the ipsec.conf file on box 1.





  • Netgate

    You have the IPsec on WAN but you say it is currently down. Is WAN disabled?



  • Maybe this is interesting.
    /vpn_ipsec.php: IPsec ERROR: Could not find phase 1 source for connection . Omitting from configuration file.



  • Of course you are right, it is totally my mistake :) It should be on WAN2 ….. thanks a billion.
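
A static check for the condition this thread ended on, as an added example that is not part of the original posts or pfSense's own code: it lists phase 1 entries bound to an interface that is disabled or missing from the configuration. It assumes the pfSense config.xml layout (`<interfaces>` children carrying an `<enable>` element, and `<ipsec><phase1><interface>`); the function name and sample data are constructed, and an interface that is enabled but has no link or address is not detected.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements this check reads, not a real export.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <opt1><enable></enable><if>em2</if><descr>WAN2</descr></opt1>
    <lan><enable></enable><if>em1</if><descr>LAN</descr></lan>
  </interfaces>
  <ipsec>
    <phase1><ikeid>1</ikeid><interface>wan</interface><descr>to-box2</descr></phase1>
    <phase1><ikeid>2</ikeid><interface>opt1</interface><descr>spare</descr></phase1>
    <phase1><ikeid>3</ikeid><interface>opt7</interface><descr>stale</descr></phase1>
  </ipsec>
</pfsense>"""


def unusable_phase1(config_xml):
    """Return (ikeid, descr, interface, reason) for each phase 1 entry whose
    interface is absent from <interfaces> or lacks an <enable> element.
    (Hypothetical helper name; layout assumed as described in the lead-in.)"""
    root = ET.fromstring(config_xml)
    ifaces = {el.tag: el for el in root.findall("./interfaces/*")}
    findings = []
    for p1 in root.findall("./ipsec/phase1"):
        name = (p1.findtext("interface") or "").strip()
        if name not in ifaces:
            # Also hit by virtual IPs and gateway groups, which this check
            # does not resolve; review those entries by hand.
            reason = "not a plain interface"
        elif ifaces[name].find("enable") is None:
            reason = "interface disabled"
        else:
            continue
        findings.append((p1.findtext("ikeid"), p1.findtext("descr"), name, reason))
    return findings


if __name__ == "__main__":
    for ikeid, descr, name, reason in unusable_phase1(SAMPLE_CONFIG):
        print(f"phase1 ikeid={ikeid} ({descr}) on {name}: {reason}")
```

Entries it reports are candidates for the "Could not find phase 1 source for connection" message quoted above, where the tunnel is left out of the generated ipsec.conf.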