Netgate Discussion Forum

    IPSec service unresponsive

      mcarson75

      Running pfsense 2.5.0 with the IPSec patches listed below installed. I have two IPSec tunnels, and I noticed that they are both down. When I try to go to Status -> IPsec it only says "Collecting IPsec status information" and never updates anything further. If I go to Status -> Services it shows the IPSec service is running. Clicking restart on the service didn't seem to do anything, so I tried to stop the service instead and the service does not stop. Logs show no activity related to IPSec connection, and nothing is logged when I try to start/stop the service. (Start/stop occurred around 18:59)

      Mar 20 03:42:32	charon	71502	04[ENC] no message rules specified for this message type
      Mar 20 03:42:32	charon	71502	04[NET] received unsupported IKE version 0.0 from 146.88.240.4, sending INVALID_MAJOR_VERSION
      Mar 20 12:31:26	charon	71502	03[KNL] 10.8.0.17 disappeared from ovpnc6
      Mar 20 12:31:26	charon	71502	03[KNL] interface ovpnc6 deactivated
      Mar 20 12:31:27	charon	71502	03[KNL] interface ovpnc6 activated
      Mar 20 18:16:06	charon	71502	00[DMN] SIGTERM received, shutting down
      Mar 20 18:16:58	charon	71502	03[KNL] interface enc0 deactivated
      Mar 20 18:17:10	charon	71502	03[KNL] interface enc0 activated
      

      IPSec patches:
      #11435 (two different patches)
      #11442
      #11486
      #11487
      #11488

      I will try restarting the firewall when I get a chance to see if this fixes the service, but wondering what the issue is here? I have another box with IPSec tunnels I was actually going to upgrade this evening, but I want to get this sorted first.

      UPDATE: Service returns to normal after rebooting firewall.

        cibiri

        Hello mcarson75,
        I had the same issue yesterday in one of our production Firewalls. This Firewall is running version 2.5.1 and it has several IPsec tunnels. I couldn't get it back until I rebooted the whole pfsense; after the reboot it works fine.

        Did you encounter other issues after the reboot related to IPsec tunnels?

        Regards,

        Christian

          mcarson75 @cibiri

          @cibiri Haven't rebooted since the upgrade completed. I'll give it a shot this weekend.

            cibiri @mcarson75

            @mcarson75 Thank you for your answer.
            I'm going to keep an eye on our pfsense :)

            Have a nice weekend

              mcarson75 @cibiri

              @cibiri Reboot made no difference in my case. I still cannot initiate this IPSec tunnel from this end. It worked as expected in 2.5.0.

                ChrisT

                I have the same issue with version 21.02.2

                I have several IPSec tunnels but one of them is causing the problem. When I press the "Connect" button while I'm at the Status/IPSec, then immediately the page is getting stuck in the "Collecting IPsec status information".

                Then all the IPSec tunnels are going down, although the IPSec service is still running.

                If I delete the tunnel that is causing the problem and specifically one of the Phase2 entries and then if I restart the IPSec service, then everything comes back.

                I am currently communicating with the Netgate support to find the cause of the problem. Maybe this is a CARP issue according to them.

                Another weird thing that I have is that I experience constant ping timeouts with traffic that leaves or enters my Internet line (including the IPSec) and when all the tunnels are down, then these ping timeouts disappear. But this is another story and unrelated to the topic.

                  cibiri @ChrisT

                  @christ what strange behavior. After I restarted my PfSense I didn't have any problem related to IPsec or anything else; perhaps I did some incorrect configuration at that time.

                  I'll update you guys if I have another problem related to this.

                  Let me know if I can help you :)

                  Regards,

                  Christian

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.