IPSEC will not apply setting



  • After I upgraded to 2.4.4p3 my pfSense is acting crazy. I am unable to apply an IPSEC setting / change unless I reboot the box.

    It gets stuck on "The IPsec tunnel configuration has been changed. The changes must be applied for them to take effect." and if I wait long enough it will go into a 504 nginx timeout.

    This is what I get in syslog:

    Jul 11 13:31:34 php-fpm /vpn_ipsec.php: WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration.


  • LAYER 8 Netgate

    What else is logged there?



  • Nothing, just these logs. I can't understand why... it's on brand new Dell hardware.

    From IPSEC LOG
    Jul 22 08:56:31 charon 11[IKE] <con3000|563> nothing to initiate
    Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating new tasks
    Jul 22 08:56:31 charon 11[NET] <con3000|563> sending packet: from 100.19.77.74[500] to 216.164.171.58[500] (108 bytes)
    Jul 22 08:56:31 charon 11[ENC] <con3000|563> generating INFORMATIONAL_V1 request 3146799562 [ HASH N(DPD_ACK) ]
    Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating ISAKMP_DPD task
    Jul 22 08:56:31 charon 11[IKE] <con3000|563> activating new tasks
    Jul 22 08:56:31 charon 11[IKE] <con3000|563> queueing ISAKMP_DPD task
    Jul 22 08:56:31 charon 11[ENC] <con3000|563> parsed INFORMATIONAL_V1 request 1238973164 [ HASH N(DPD) ]
    Jul 22 08:56:31 charon 11[NET] <con3000|563> received packet: from 216.164.171.58[500] to 100.19.77.74[500] (108 bytes)
    Jul 22 08:56:31 charon 11[MGR] IKE_SA con3000[563] successfully checked out
    Jul 22 08:56:31 charon 11[MGR] checkout IKEv1 SA by message with SPIs 9d5e1f8e6adf1cbe_i e26f984e1fc164ba_r
    Jul 22 08:56:23 charon 11[MGR] <con1000|559> checkin of IKE_SA successful
    Jul 22 08:56:23 charon 11[MGR] <con1000|559> checkin IKE_SA con1000[559]
    Jul 22 08:56:23 charon 11[MGR] IKE_SA con1000[559] successfully checked out
    Jul 22 08:56:23 charon 11[MGR] checkout IKEv1 SA with SPIs 68e88993f39f80e4_i c2379c57f6bf9e70_r
    Jul 22 08:56:22 charon 11[MGR] <con3000|563> checkin of IKE_SA successful
    Jul 22 08:56:22 charon 11[MGR] <con3000|563> checkin IKE_SA con3000[563]
    Jul 22 08:56:22 charon 11[IKE] <con3000|563> nothing to initiate
    Jul 22 08:56:22 charon 11[IKE] <con3000|563> activating new tasks
    Jul 22 08:56:22 charon 11[ENC] <con3000|563> parsed INFORMATIONAL_V1 request 3928395168 [ HASH N(DPD_ACK) ]
    Jul 22 08:56:22 charon 11[NET] <con3000|563> received packet: from 216.164.171.58[500] to 100.19.77.74[500] (108 bytes)
    Jul 22 08:56:22 charon 11[MGR] IKE_SA con3000[563] successfully checked out

    From System log
    Jul 22 08:00:07 check_reload_status Reloading filter
    Jul 22 04:00:24 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
    Jul 22 05:00:04 php [pfBlockerNG] Starting cron process.
    Jul 22 05:00:04 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jul 22 09:00:04 check_reload_status Reloading filter
    Jul 22 05:00:37 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
    Jul 22 06:00:03 php [pfBlockerNG] Starting cron process.
    Jul 22 06:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jul 22 10:00:03 check_reload_status Reloading filter
    Jul 22 06:01:09 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
    Jul 22 06:14:21 ix-pfsense.inolex.local nginx: 2019/07/22 06:14:21 [error] 9680#100494: *154050 "/usr/local/www/english/index.php" is not found (2: No such file or directory), client: 185.114.76.44, server: , request: "GET http://www.rfa.org/english/ HTTP/1.1", host: "www.rfa.org"
    Jul 22 07:00:07 php [pfBlockerNG] Starting cron process.
    Jul 22 07:00:07 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jul 22 11:00:07 check_reload_status Reloading filter
    Jul 22 07:05:06 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
    Jul 22 07:31:31 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
    Jul 22 07:31:33 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
    Jul 22 08:00:03 php [pfBlockerNG] Starting cron process.
    Jul 22 08:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jul 22 12:00:03 check_reload_status Reloading filter
    Jul 22 08:00:20 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
    Jul 22 08:25:22 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
    Jul 22 08:25:24 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
    Jul 22 08:34:18 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
    Jul 22 08:34:20 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
    Jul 22 08:44:24 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:26 to 00:11:32:6b:64:25 on igb0
    Jul 22 08:44:26 kernel arp: 192.168.100.80 moved from 00:11:32:6b:64:25 to 00:11:32:6b:64:26 on igb0
    Jul 22 12:57:31 php-fpm /status_logs.php: Successful login for user 'admin' from: 192.168.102.247 (Local Database)
    Jul 22 09:00:03 php [pfBlockerNG] Starting cron process.
    Jul 22 09:00:03 php /usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'igb0' delete '172.16.0.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jul 22 13:00:03 check_reload_status Reloading filter

