Netgate Discussion Forum

    IPSec leases not showing

    • Endeavour

      Hello,

      I have a little GUI issue and can't seem to figure out the solution. I run a fair few instances of pfSense in OpenStack; none of them have the problem except this one. They are all from one template and were updated over time from 2.4.5 to 2.5.x.
      In the GUI, when I go to:
      Screenshot 2022-01-26 at 22.39.44.png

      There is no Leases information, which can come in handy sometimes. If I check /var/log/system.log I get the following error:
      Screenshot 2022-01-26 at 22.36.30.png

      I did a diff of /etc/ipsec.inc, /usr/local/www/status_ipsec.php and status_ipsec_leases.php from a working instance against this non-working instance. It really annoys me that I cannot seem to figure this out lol.

      Tried a few patches. None of them are working.

      Tunnels are working, clients have no issues. But for some of my coworkers it can help to just go to the GUI and see who is who on the Leases page. Obviously I can just re-deploy an image. But I want to know what is wrong.

      Any ideas? Thanks in advance.

      • jimp (Rebel Alliance, Developer, Netgate)

        Is there anything different about the IPsec configuration on this one? Compare /var/etc/ipsec/swanctl.conf on this vs the others.

        While this specific one doesn't seem familiar there are a number of issues with IPsec (mobile and site-to-site) on 2.5.x which have been addressed on 2.6.0. You might consider moving it up to a 2.6.0 RC image to see if it's OK there. But if you wait a few more days it'll be a release instead of an RC. :-)

        • Endeavour @jimp

          @jimp Thanks,

          Yes, I did indeed read about these IPsec problems in 2.5.x but did not find this specific issue.

          Checked it out; the only thing I could find was:

          < 	encap = no
          ---
          > 	encap = yes
          

          Set the NAT Traversal option to force in the GUI; will restart the tunnel tonight to see if it helps. Can't imagine, to be honest, but I've seen weirder things in this digital world 🦆

          Not that fond of running RCs in production lol. I'll be patiently waiting for release 2.6.

          • Endeavour

            Finally fixed it.

            I use RADIUS for authentication. When I checked the RADIUS server settings, I noticed that I had made a config mistake: I set the Services Offered to "authentication". When I changed it to "authentication and accounting", everything started working as it is supposed to.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.