Netgate Discussion Forum

    Pfsense 2.4.3 ipsec.conf is not updated

    bpostaci

      I have two pfSense boxes (same version) on which I am trying to configure IPsec. I recently noticed that on one of them, even though I see the configuration in the UI,
      the ipsec.conf file is not getting updated.

      - Tried a reboot, stopping and restarting the IPsec service, and re-creating the IPsec configuration; nothing happens. All I see is the configuration below, which does not change.

      This file is automatically generated. Do not edit

      config setup
      uniqueids = yes

      conn bypasslan
      leftsubnet = 192.168.2.0/24
      rightsubnet = 192.168.2.0/24
      authby = never
      type = passthrough
      auto = route

      Do you have any idea?

      Derelict (Netgate)

        You'll have to provide more details. What have you done? What is the IPsec configuration that is not contained in that file? You probably want to post screenshots of what you have done.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        bpostaci

          Information:

          Box 1
          Interfaces
          WAN   -> currently down.
          WAN2  -> up and running (default gateway). Public IP: 33.33.33.33 (fake, for security reasons)
          WLAN1 -> WPA-ENT -> EAP-TLS RADIUS, using an external Wi-Fi access point. (192.168.25.0/24)
          WLAN2 -> WPA-PSK
          LAN   -> up and running.

          No issues with internet connection.

          Box 2
          WAN -> up and running. Public IP: 44.44.44.44 (fake, for security reasons)
          LAN -> 10.10.35.0/24

          The issue happens on box1.
          - No issues with firewall access on ports 500 and 4500 between the boxes.

          You can see in the attached pictures that I have already configured IPsec (previously it was working).
          But interestingly, the configuration is not visible in /var/etc/ipsec/ipsec.conf.
          On the second box I can see that all the configuration (for the 2nd box) is present in the ipsec.conf file and updated correctly.

          I have compared the file permissions; they are the same on both boxes with ls -l:
          -rw-r--r--  1 root  wheel  207 Apr 29 15:18 ipsec.conf

          Even when I make a change in the UI, deleting and recreating the IPsec configuration, it does not update the ipsec.conf file on box1.

          [Attached screenshots: ipsecprb1.PNG, IPSecprb2.PNG]

            Derelict (Netgate)

            You have the IPsec on WAN but you say it is currently down. Is WAN disabled?

              bpostaci

              Maybe this is interesting:
              /vpn_ipsec.php: IPsec ERROR: Could not find phase 1 source for connection . Omitting from configuration file.

                bpostaci

                Of course you're right, it is totally my mistake :) It should be on WAN2... thanks a billion.
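The error quoted earlier in the thread is the whole story: the phase 1 was bound to the WAN interface, which was down, so pfSense could not find a phase 1 source address and simply omitted that connection when generating /var/etc/ipsec/ipsec.conf, leaving only the bypasslan entry. The following checker is an added example, not code from the thread or from pfSense: it parses a pfSense-generated ipsec.conf, reports which expected conn sections are absent, and pulls the omission errors out of log lines. The sample conf and log line are constructed from what the thread shows, and the expected connection name con1000 is an assumption.

```python
import re

# Constructed sample: the stripped-down ipsec.conf posted in the thread (only bypasslan survives).
SAMPLE_IPSEC_CONF = """\
# This file is automatically generated. Do not edit
config setup
    uniqueids = yes

conn bypasslan
    leftsubnet = 192.168.2.0/24
    rightsubnet = 192.168.2.0/24
    authby = never
    type = passthrough
    auto = route
"""
# Constructed log line in the shape of the error quoted in the thread (note the empty connection name).
SAMPLE_LOG = [
    "php-fpm[1234]: /vpn_ipsec.php: IPsec ERROR: Could not find phase 1 source for connection . "
    "Omitting from configuration file.",
]
SECTION_RE = re.compile(r"^(conn|ca|config)\s+(\S+)$")
OMIT_RE = re.compile(r"Could not find phase 1 source for connection\s*(\S*?)\s*\.\s*Omitting")

def parse_conns(text: str) -> dict[str, dict[str, str]]:
    """Return {conn_name: {key: value}} for every 'conn' section of an ipsec.conf."""
    conns: dict[str, dict[str, str]] = {}
    current = None  # conn we are inside; None while in 'config setup' or a 'ca' section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group(2) if m.group(1) == "conn" else None
            if current is not None:
                conns[current] = {}
        elif current is not None and "=" in line:
            key, _, val = line.partition("=")
            conns[current][key.strip()] = val.strip()
    return conns

def find_omitted(log_lines: list[str]) -> list[str]:
    """Connection names (possibly empty, as in the thread) that pfSense refused to write."""
    return [m.group(1) for line in log_lines if (m := OMIT_RE.search(line))]

def check_ipsec_conf(conf_text: str, expected: list[str], log_lines: list[str]) -> dict[str, list[str]]:
    """Compare the conns pfSense actually wrote with the ones the GUI should have produced."""
    present = parse_conns(conf_text)
    missing = [name for name in expected if name not in present]
    return {"present": sorted(present), "missing": missing, "omitted_in_log": find_omitted(log_lines)}
```

An empty name in the omission error, as in this thread, means the phase 1 entry had no usable source interface at all; fixing the interface binding (here, moving the phase 1 to WAN2) makes the conn reappear on the next write.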
