IPSec service unresponsive
-
Running pfsense 2.5.0 with the IPSec patches listed below installed. I have two IPSec tunnels, and I noticed that they are both down. When I try to go to Status -> IPsec it only says "Collecting IPsec status information" and never updates anything further. If I go to Status -> Services it shows the IPSec service is running. Clicking restart on the service didn't seem to do anything, so I tried to stop the service instead and the service does not stop. Logs show no activity related to IPSec connection, and nothing is logged when I try to start/stop the service. (Start/stop occurred around 18:59)
Mar 20 03:42:32 charon 71502 04[ENC] no message rules specified for this message type
Mar 20 03:42:32 charon 71502 04[NET] received unsupported IKE version 0.0 from 146.88.240.4, sending INVALID_MAJOR_VERSION
Mar 20 12:31:26 charon 71502 03[KNL] 10.8.0.17 disappeared from ovpnc6
Mar 20 12:31:26 charon 71502 03[KNL] interface ovpnc6 deactivated
Mar 20 12:31:27 charon 71502 03[KNL] interface ovpnc6 activated
Mar 20 18:16:06 charon 71502 00[DMN] SIGTERM received, shutting down
Mar 20 18:16:58 charon 71502 03[KNL] interface enc0 deactivated
Mar 20 18:17:10 charon 71502 03[KNL] interface enc0 activated
IPSec patches:
#11435 (two different patches)
#11442
#11486
#11487
#11488
I will try restarting the firewall when I get a chance to see if this fixes the service, but wondering what the issue is here? I have another box with IPSec tunnels I was actually going to upgrade this evening, but I want to get this sorted first.
UPDATE: Service returns to normal after rebooting firewall.
-
Hello mcarson75,
I had the same issue yesterday in one of our production Firewalls. This Firewall is running version 2.5.1 and it has several IPsec tunnels. I couldn't get it back until I rebooted the whole pfsense, after the reboot it works fine.
Did you encounter other issues after the reboot related to IPsec tunnels?
Regards,
Christian
-
@cibiri Haven't rebooted since the upgrade completed. I'll give it a shot this weekend.
-
@mcarson75 Thank you for your answer.
I'm going to keep an eye on our pfsense :)
Have a nice weekend
-
@cibiri Reboot made no difference in my case. I still cannot initiate this IPSec tunnel from this end. It worked as expected in 2.5.0.
-
I have the same issue with version 21.02.2
I have several IPSec tunnels but one of them is causing the problem. When I press the "Connect" button while I'm at the Status/IPSec, then immediately the page is getting stuck in the "Collecting IPsec status information".
Then all the IPSec tunnels are going down, although the IPSec service is still running.
If I delete the tunnel that is causing the problem, and specifically one of the Phase2 entries, and then restart the IPSec service, then everything comes back.
I am currently communicating with the Netgate support to find the cause of the problem. Maybe this is a CARP issue according to them.
Another weird thing that I have is that I experience constant ping timeouts with traffic that leaves or enters my Internet line (including the IPSec) and when all the tunnels are down, then these ping timeouts disappear. But this is another story and unrelated to the topic.
-
@christ what a strange behavior, after I restarted my PfSense I didn't have any problem related to IPsec or another thing, perhaps I did some incorrect configuration at that time.
I'll update you guys if I have another problem related to this.
Let me know if I can help you :)
Regards,
Christian