SG-5100 21.02 IPsec tunnels duplicate/incorrect status
-
SG-5100 upgrade to 21.02. I have about 25 IPsec tunnels. I only have maybe 5-10 up at any time as I use these to connect/support remote networks and do not normally keep all up.
After the upgrade I notice IPsec status is slow to refresh, so I start disabling tunnels until it is fast again. I notice that after enabling one by one that some tunnels in Status, IPsec show a green disconnected button at the bottom but are actually connected and have another IPsec ID. These tunnels seem to cause the slowness of the UI status. If I disconnect one of those IDs and then reconnect at the bottom it connects again but still shows this other ID instead. Some tunnels are OK and do not exhibit this behaviour. I have tried deleting these problem tunnels and recreating the IPsec on each end and still have the same issue. Any ideas why? I am thinking maybe something got corrupted and a backup/restore may work, but I have to wait until the weekend to do it.
-
To ensure you have all of the current known and fixed IPsec issues corrected, you can install the System Patches package and then create entries for the following commit IDs to apply the fixes:
-
@jimp Thanks, the target version is 2.5. Can I use these for 21.02, or are there ones specific to pfSense+?
-
That code should be the same for both.
-
@jimp Thanks, I applied all six patches and didn't even have to reboot - issue resolved instantly.
-
@jimp Hi there, I updated to 2.5 and found that my site-to-site IPsec VPN connections were broken. I found this thread and installed the aforementioned patches, which fixed the VPN (including the Status->ipsec page), but the IPsec status widget still seems to be broken, i.e., they show connected on the Status->ipsec page but show as down on the Widget->Tunnels tab.
Thanks