2.5.1 VPN fix for those with virtual IP.
-
This is a better fix to my old post.
I upgraded from 2.4.x to 2.5.1 and found all my VPN connections broken. To fix it, in your Phase 1 change 'My identifier' from 'My IP Address' to 'IP Address' and enter a real IP address.
Long story: after doing swanctl --list-conns I realized that the local IP of the connection was set to a virtual IP for the WAN port. So no wonder IKE didn't find a corresponding config. Sure enough, /var/etc/ipsec/swanctl.conf listed a different IP even though config.xml is using 'wan'.
The issue is that the local address of WAN in the /var/etc/ipsec/swanctl.conf file is being filled with the first IP address in ifconfig, not from a config file. So if you have a virtual IP on your WAN connection, your VPN may or may not work depending on the order in which IP addresses are being applied to your interface.
-
@draconpern could this be related to this bug?
https://redmine.pfsense.org/issues/11545
-
@mfld It is indeed!
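
The check described in the first post, as an added example that is not part of the original thread: it reads a swanctl.conf on stdin and reports every connection whose local_addrs does not contain the address you expect the tunnel to use. The function names, the sample config and its addresses are constructed for illustration, and the parser assumes one brace per line, as in a generated file.

```shell
#!/bin/sh
# Usage on the firewall (expected address supplied by you):
#   mismatched_local_addrs 203.0.113.10 < /var/etc/ipsec/swanctl.conf
# Prints one line per mismatching connection; exit status 1 if any mismatch.
mismatched_local_addrs() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                      # strip comments
        index($0, "{") {                        # a section opens
            depth++
            if (depth == 1) in_conns = ($1 == "connections")
            else if (depth == 2 && in_conns) conn = $1
            next
        }
        index($0, "}") { depth--; next }        # a section closes
        # local_addrs sits directly under connections.<name>
        in_conns && depth == 2 && $1 == "local_addrs" {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # keep the right-hand side
            gsub(/[ \t]/, "", val)
            n = split(val, a, ","); ok = 0      # value may be a comma list
            for (i = 1; i <= n; i++) if (a[i] == want) ok = 1
            if (!ok) {
                print conn ": local_addrs=" val " expected=" want
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: con1 was written with a virtual IP, con2 with the
# intended WAN address.
sample_conf() {
    cat <<'EOF'
connections {
    con1 {
        local_addrs = 203.0.113.20   # virtual IP picked up first
        remote_addrs = 198.51.100.7
        local {
            id = 203.0.113.10
        }
    }
    con2 {
        local_addrs = 203.0.113.10
        remote_addrs = 198.51.100.9
    }
}
EOF
}

sample_conf | mismatched_local_addrs 203.0.113.10 || true
```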