Possible UI issue in Status -> IPsec -> Overview
-
I have two IPsec VPN tunnels configured on a Netgate 3100 running 25.05.1-RELEASE. One is an policy-based tunnel, the other is a routed tunnel (VTI), both are IKEv2.
Both VPNs are working without issue, traffic is passing as expected and performance is fine, they just display strangely in the status screen. There are two entries named after the policy-based tunnel (this config was created first), even though one of those entries seems to be for the VTI tunnel. The description for the VTI tunnel is at the bottom but shows as disconnected. I've partially redacted the names in the second set of screenshots so you can see what's going on, bear in mind there are 193.x.x.2 and 195.x.x.2 public IP addresses in use, it's easy to miss at first glance.
Screenshots of the settings page and the status page before and after expanding the child SAs are below.
I think this is purely cosmetic - the 3rd IPsec entry just shouldn't be there, and the description used for the second tunnel is wrong, but it would be nice to get it fixed. Rebooting the firewall results in it coming back the same. I've not been able to do a config export, wipe and reload.
If you'd like config exports or a debug or similar then let me know what address to send those to.
-
There are known issues with the IPsec status on Plus 21.05.x and CE 2.5.x, all of the issues are already fixed on development snapshots.
-
Ah, didn't spot this yesterday when I looked
https://redmine.pfsense.org/issues/11910
This can be considered solved I think.