Netgate Discussion Forum

    PFSense 2.0.3 bug/issue with IPSEC post-upgrade

    • Pentangle

      Hi all,

      I believe I've found a bug in 2.0.3.

      It relates to IPSEC site-to-site connections.  Basically, I had PFSense 2.0.2 working in a mesh of a few sites since Sept, and VPN worked flawlessly.  I upgraded one box to 2.0.3 and whilst the initial VPN tunnels came up, upon the next key negotiation the side of the tunnel managed by 2.0.3 died.

      I first ascertained that IP traffic wasn't being passed by the tunnel, but it erroneously appeared on the 2.0.2 (other side of the tunnel) box that the tunnel was active.

      I then tried everything, from deleting and recreating the tunnel on either side of the link, but eventually realised that other tunnels had died on the 2.0.3 box.

      The only thing which brought them back to life was unticking and reticking the "Enable IPSEC" tickbox, which I assume restarted the daemon?

      Anyway, without any clear pointers as to where to register this as a bug, this forum is the recipient.  Enjoy! (I'd be happy to register it as a bug but GitHub appears to lack the facility to create issues).

      Thanks,
      Mike.

      • kejianshi

        Do you have static IPs on all the ends that use IPsec or are some/all of the public IPs dynamic?
        (I have reason for asking)

        • Pentangle

          No they're all statics.

          • kejianshi

            The behaviour I've observed with IPsec is that if a WAN IP changes or a tunnel dies because of an internet drop, when the internet connection returns the VPN will try to reconnect.  It will even look like it has reconnected on both ends, but there will be errors in the log.  Resetting the IPsec server (racoon) makes it all start working again…  Till next time it happens.

            I see it on 2.03

            I've been told it's fixed for 2.1, but I'm not on 2.1 and don't really need IPsec, so I haven't gotten around to testing it on 2.1.

            • ermax

              I am experiencing the same issue on 2.0.3. It ran fine on 2.0.2 though. It seems to die at the end of the phase 2 lifetime. BTW, nothing has changed other than upgrading to 2.0.3.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.