Netgate Discussion Forum

Cannot restart ipsec service, is there a way to determine if ipsec config has been loaded?

  • G
    gustavgans
    last edited by gustavgans Jun 16, 2021, 8:34 AM

    I'm having trouble adding another IPSEC Phase2. One firewall says "no child SA found" (although the left/right subnet config is the same on both sides).

    I suspect this is because the config has not been loaded, when checking on the CLI with "ipsec statusall" I don't see the Phase2 connection I've added via webinterface. In /var/etc/ipsec/ipsec.conf the Phase2 entry is there, though.

    Also, the "ipsec statusall" command told me the charon daemon has been running for 1600 days, so I figured I'd just restart the ipsec service via the webinterface buttons in the upper right corner. But after the "restart" it still shows 1600 days uptime for the charon daemon and the ipsec connections did not drop, so I guess it didn't restart.

    Found these commands here on the forum:
    pfSsh.php playback svc stop ipsec
    pfSsh.php playback svc start ipsec

    and tried them, but they didn't work.

    Is there a way to determine if the config has been loaded by that daemon?

    Is there another way to restart the daemon maybe? Without restarting the whole pfsense?

    PfSense Version is 2.3.2.

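The comparison described in the post above (a Phase2 entry present in /var/etc/ipsec/ipsec.conf but missing from "ipsec statusall"), as an added example that is not part of the thread. It assumes the strongSwan text layout of `conn` sections and a "Connections:" section; the function names are hypothetical and the sample data is constructed.

```shell
# Names of all "conn" sections in an ipsec.conf-style file (skips %default).
conf_conns() {
    awk '$1 == "conn" && $2 != "%default" { print $2 }' "$1" | sort -u
}

# Names listed under "Connections:" in saved `ipsec statusall` output.
loaded_conns() {
    awk '
        /^Connections:/     { in_sec = 1; next }
        /^[^ \t]/           { in_sec = 0 }   # next unindented header ends the section
        in_sec && $1 ~ /:$/ { sub(/:$/, "", $1); print $1 }
    ' "$1" | sort -u
}

# Conn names in the config file ($1) that the daemon output ($2) does not list.
unloaded_conns() {
    loaded=$(loaded_conns "$2" | tr '\n' ' ')
    conf_conns "$1" | awk -v loaded="$loaded" '
        BEGIN { n = split(loaded, a, " "); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
        !($0 in seen)'
}

# Constructed sample data (documentation addresses, not taken from the thread).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/ipsec.conf" <<'EOF'
config setup
    uniqueids = yes
conn con1000
    left = 192.0.2.1
    right = 198.51.100.1
    leftsubnet = 10.0.0.0/24
    rightsubnet = 10.1.0.0/24
conn con1001
    left = 192.0.2.1
    right = 198.51.100.1
    leftsubnet = 10.0.0.0/24
    rightsubnet = 10.2.0.0/24
EOF
cat > "$SAMPLE_DIR/statusall.txt" <<'EOF'
Status of IKE charon daemon (constructed sample):
  uptime: 1600 days
Connections:
     con1000:  192.0.2.1...198.51.100.1  IKEv1
     con1000:   child:  10.0.0.0/24 === 10.1.0.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
     con1000[1]: ESTABLISHED
EOF
# Prints the conn written to disk but never loaded by the daemon: con1001
unloaded_conns "$SAMPLE_DIR/ipsec.conf" "$SAMPLE_DIR/statusall.txt"
```

On a live system the second argument would be a file holding saved `ipsec statusall` output and the first the ipsec.conf path named in the post.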
    • J
      jimp Rebel Alliance Developer Netgate @gustavgans
      last edited by Jun 16, 2021, 12:54 PM

      @gustavgans said in Cannot restart ipsec service, is there a way to determine if ipsec config has been loaded?:

      PfSense Version is 2.3.2

      That version is several years out of date. You aren't going to get a lot of help trying to diagnose a problem on a version that old. Update to a current supported version and if you still have problems, there are ways to debug that better there using swanctl.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • G
        gustavgans
        last edited by Jun 16, 2021, 1:33 PM

        Upgrade is not an option unfortunately, it's a production system. Even rebooting is not really an option (downtime), that's why I asked the above question.

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jun 16, 2021, 2:05 PM

          2.3.2 is 6 years old. No system is so important that it can't have any downtime in 6 years to upgrade, and if it was, it should be in HA so upgrades have minimum impact.

          Upgrade.

          • J jimp locked this topic on Jun 16, 2021, 2:05 PM
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.