IPSEC has deadlocks/Timeouts ?! with 1.23

  • Hello,

    all IPSEC Tunnels are up and running with 1.23, time delays between the tunnel endpoints are also OK, but all 5 seconds e.g. RDP Sessions have timeouts…. during this timeouts the pings are OK. I don´t know why??

    I have tested Seth "image" with the ipsec changes and all runs fine. I think, a modification in 7.1 make this trouble....

    I have made a downgrade to 1.22 and the IPSEC works as it should!


  • Actually you need to adjust some sysctl of end interface which specify what gets filtered. This are on 2.0 already

  • What can i do? Concretely? :'(

    Thanks Ermal?

  • In /etc/rc.bootup add there near the comment
    /* start IPsec tunnels */

    exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
    exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
    exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
    exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");

    save and reboot.

  • Great Thanks!

    I will try!

  • I have made the changes in rc.bootup and it looks good for the first test!

    But i wouldn´t make this changes to any of my pfsenses…. ;) Is it possible to make a "commit" in 1.23??

  • I'm using 2.0 on a alix and am having these same issues.  I looked in the rc.bootup file and these statements are not listed.  when I edit the file I cannot save because it tells me it is a read only file.  Is it because it is an embedded firmware or lack of knowledge using VI?  I first tried to do this in the gui and in failing moved to command line using VI.


  • please post on 2.0 and those commands are already there.

Log in to reply