pfSense 2.4.3 ipsec.conf is not updated
-
I have two pfSense boxes (same version) on which I am trying to configure IPsec, and I recently noticed that on one of them, even though I see the configuration in the UI, the ipsec.conf file is not getting updated.
I tried rebooting, stopping and restarting the IPsec service, and re-creating the IPsec configuration; nothing happens. I only see the configuration below, and it is not changing.
# This file is automatically generated. Do not edit
config setup
    uniqueids = yes

conn bypasslan
    leftsubnet = 192.168.2.0/24
    rightsubnet = 192.168.2.0/24
    authby = never
    type = passthrough
    auto = route

Do you have any idea?
-
You'll have to provide more details. What have you done? What is the IPsec configuration that is not contained in that file? You probably want to post screenshots of what you have done.
-
Information :
Box 1
Interfaces
WAN -> Currently is down.
WAN2 -> Up and running (Default Gateway) Public IP : 33.33.33.33 (fake, for security reasons)
WLAN1 -> WPA-ENT -> EAP-TLS RADIUS using external Wi-Fi access point. (192.168.25.0/24)
WLAN2 -> WPA-PSK
LAN -> Up and running. No issues with internet connection.
Box 2
WAN -> Up and running Public IP : 44.44.44.44 (fake, for security reasons)
LAN -> 10.10.35.0/24
The issue happens on box 1.
No issues with firewall access on ports 500, 4500 between the boxes.
You can see in the attached pictures that I already configured IPsec. (Previously it was working.)
But interestingly, the configuration is not visible in /var/etc/ipsec/ipsec.conf.
On the second box I can see that all the configuration (for the 2nd box) is present in ipsec.conf and updated correctly.
I have compared the file permissions with ls -l; they are the same on both boxes:
-rw-r--r-- 1 root wheel 207 Apr 29 15:18 ipsec.conf
Even if I make a change in the UI, deleting and recreating the IPsec configuration, it doesn't update the ipsec.conf file on box 1.
-
You have the IPsec on WAN but you say it is currently down. Is WAN disabled?
-
Maybe this is interesting.
/vpn_ipsec.php: IPsec ERROR: Could not find phase 1 source for connection . Omitting from configuration file.
-
Of course you're right, it is totally my mistake :) It should be on WAN2 ….. thanks a billion.
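
The symptom in this thread (only the bypasslan passthrough section in ipsec.conf, plus the "Could not find phase 1 source" log entry) can be checked from copies of the two files. The following is an added example, not part of the original thread or pfSense's own code; the function names, the syslog prefix on the sample log lines, and the sample data are assumptions constructed for illustration.

```python
import re
# Constructed samples modelled on the thread; timestamps, host and PID are made up.
SAMPLE_CONF = """\
# This file is automatically generated. Do not edit
config setup
    uniqueids = yes

conn bypasslan
    leftsubnet = 192.168.2.0/24
    rightsubnet = 192.168.2.0/24
    authby = never
    type = passthrough
    auto = route
"""
SAMPLE_LOG = [
    "Apr 29 15:18:02 box1 php-fpm[345]: /vpn_ipsec.php: IPsec ERROR: Could not find "
    "phase 1 source for connection . Omitting from configuration file.",
    "Apr 29 15:18:03 box1 php-fpm[345]: /vpn_ipsec.php: unrelated message",
]
OMIT_RE = re.compile(r"Could not find phase 1 source for connection (.*?)\. Omitting")

def parse_conns(conf_text):
    """Return {conn_name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank line or comment
        if not line[0].isspace():         # section header: 'config setup' / 'conn NAME'
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def omitted_phase1(log_lines):
    """Descriptions of phase 1 entries that were left out of ipsec.conf."""
    hits = (OMIT_RE.search(line) for line in log_lines)
    return [m.group(1).strip() or "(no description)" for m in hits if m]

def diagnose(conf_text, log_lines):
    """Summarise whether any real tunnel was written and which ones were skipped."""
    conns = parse_conns(conf_text)
    tunnels = sorted(n for n, o in conns.items() if o.get("type") != "passthrough")
    omitted = omitted_phase1(log_lines)
    return {"tunnels": tunnels, "omitted": omitted,
            "phase1_missing": bool(omitted) and not tunnels}
```

Calling `diagnose(SAMPLE_CONF, SAMPLE_LOG)` reports no tunnel sections and one omitted phase 1, which is the state box 1 was in while its phase 1 was bound to the WAN interface that was down.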