Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec tunnel failures after upgrade to 1.2.3

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      KGTech
      last edited by

      We have several IPSec tunnels established between our central PFSense firewall and remote employees with different Netgear firewalls.  These tunnels have been running for at least a year or more without any major issues.  Ever since we upgraded FPSense to version 1.2.3 we have been having issues with the tunnels dropping after the timeout values expire.  The only way to get them going again is to disable the tunnel on both sides and then re-enable them. We do have a couple of PFSense to FPSense tunnels that stay up and do not require manual intervention.  It is only the tunnels to Netgear devices that are failing.

      We have not been able to find any reference to this as a known bug but are hoping someone may have an idea on how to resolve the issue.

      -kg

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        On pfSense, try to enable "Prefer old IPsec SAs" under the advanced options. I have to enable this when talking to some other routers (Linksys, Watchguard, etc)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • K
          KGTech
          last edited by

          @jimp:

          On pfSense, try to enable "Prefer old IPsec SAs" under the advanced options. I have to enable this when talking to some other routers (Linksys, Watchguard, etc)

          Thanks,  I will try that and see what happens.

          -kg

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.