ipsec.conf not updating



  • I am on the latest pfSense release (2.4.3) trying to set up a site-to-site tunnel to a Cisco ASA over the WAN. I went through the GUI and confirmed the settings match, but the tunnel was failing to connect. After much troubleshooting, it turns out that /var/etc/ipsec/ipsec.conf on the pfSense is not updating with any of the settings. It just shows the following:

    # This file is automatically generated. Do not edit

    config setup
        uniqueids = yes

    conn bypasslan
        leftsubnet = 192.168.10.0/23
        rightsubnet = 192.168.10.0/23
        authby = never
        type = passthrough
        auto = route

    If I manually edit the ipsec.conf and restart ipsec via the command line, it will keep my updated settings and start to work like it should... But the file will get overwritten back to what's above with any change in the GUI.

    Seems like a bug, is anyone else having this issue?
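
    The check the poster did by hand, as an added example that is not part of the original thread or of pfSense itself: list the conn sections in a strongSwan-style ipsec.conf and report whether anything beyond the bypasslan passthrough was generated. The ipsec.conf samples below are constructed inline (the first mirrors the file quoted above); the pfSense path /var/etc/ipsec/ipsec.conf and the conn name con1 used for the second sample are assumptions.

```shell
# Added example (not pfSense code). In ipsec.conf, a section starts with an
# unindented "conn NAME" or "config setup" line and its parameters are indented
# beneath it, so the conn headers are enough to see what the GUI generated.

# Print one conn name per line from the ipsec.conf given as $1.
list_conns() {
    awk '/^conn[[:space:]]+/ { print $2 }' "$1"
}

# Exit 0 if conn "$2" exists in file "$1", 1 otherwise.
has_conn() {
    list_conns "$1" | grep -qx -- "$2"
}

# One-line verdict: pfSense always emits the bypasslan passthrough, so a file
# containing nothing else means no tunnel was rendered from the GUI settings.
diagnose() {
    tunnels=$(list_conns "$1" | grep -vx bypasslan | wc -l | tr -d ' ')
    if [ "$tunnels" -eq 0 ]; then
        echo "no tunnel conns generated (only bypasslan); check the GUI config"
    else
        echo "$tunnels tunnel conn(s) generated"
    fi
}

# Constructed sample 1: the file quoted in the post (tunnel missing).
EMPTY_CONF=$(mktemp)
cat > "$EMPTY_CONF" <<'EOF'
# This file is automatically generated. Do not edit

config setup
	uniqueids = yes

conn bypasslan
	leftsubnet = 192.168.10.0/23
	rightsubnet = 192.168.10.0/23
	authby = never
	type = passthrough
	auto = route
EOF

# Constructed sample 2: the same file with an assumed site-to-site conn added.
TUNNEL_CONF=$(mktemp)
cat "$EMPTY_CONF" > "$TUNNEL_CONF"
cat >> "$TUNNEL_CONF" <<'EOF'

conn con1
	left = 203.0.113.1
	right = 198.51.100.1
	leftsubnet = 192.168.10.0/23
	rightsubnet = 10.20.0.0/16
	keyexchange = ikev2
	auto = route
EOF

# Usage on a live box would be: diagnose /var/etc/ipsec/ipsec.conf
diagnose "$EMPTY_CONF"
diagnose "$TUNNEL_CONF"
```

    Run against the real file after saving a phase 1/phase 2 pair in the GUI; if the verdict is still "only bypasslan", the GUI never rendered the tunnel and the problem is upstream of strongSwan, not in it.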


  • Netgate

    Is the tunnel enabled?

    No, that is likely not a bug and is likely something you are doing incorrectly. You probably want to post your actual IPsec config screen shots.



  • Thank you for your response, yes the tunnel is enabled.

    I have attached screenshots of the config to show the settings I have used that are nowhere in ipsec.conf... I am very curious as to what I did wrong.

    0_1528299216850_ipsec_enabled.png

    0_1528299225399_ipsec phase 1.png

    0_1528299236184_ipsec phase 2.png


  • Rebel Alliance Developer Netgate

    It looks like somehow that is partially configured as a remote access/mobile VPN. Notice that the Mobile Clients tab is active and you have no remote network configuration controls.

    I'm not quite sure how it would have ended up like that. Delete the P2 and P1 and make sure mobile client support is disabled on the Mobile Clients tab, then try again.



  • Thank you! Deleting P1/P2 and recreating them works now.