PFSense 2.0.3 bug/issue with IPSEC post-upgrade



  • Hi all,

    I believe I've found a bug in 2.0.3.

    It relates to IPSEC site-to-site connections.  Basically, I had PFSense 2.0.2 working in a mesh of a few sites since Sept, and VPN worked flawlessly.  I upgraded one box to 2.0.3 and whilst the initial VPN tunnels came up, upon the next key negotiation the side of the tunnel managed by 2.0.3 died.

    I first ascertained that IP traffic wasn't being passed by the tunnel, but it erroneously appeared on the 2.0.2 (other side of the tunnel) box that the tunnel was active.

    I then tried everything, from deleting and recreating the tunnel on either side of the link, but eventually realised that other tunnels had died on the 2.0.3 box.

    The only thing which brought them back to life was unticking and reticking the "Enable IPSEC" tickbox, which I assume restarted the daemon?

    Anyway, without any clear pointers as to where to register this as a bug, this forum is the recipient.  Enjoy! (i'd be happy to register it as a bug but Github appears to lack the facility to create issues).

    Thanks,
    Mike.



  • Do you have static IPs on all the ends that use IPsec or are some/all of the public IPs dynamic?
    (I have reason for asking)



  • No they're all statics.



  • The behaviour I've observed with IPsec is that if a WAN IP changes or tunnel dies because of an internet drop when the internet connection returns the VPN will try to reconnect.  It will even look like it has reconnected on both ends, but there will be errors in the log.  Resetting the IPsec server (raccoon) makes it all start working again…  Till next time it happens.

    I see it on 2.03

    I've been told its fixed for 2.1, but I'm not on 2.1 and don't need IPsec really, so haven't gotten around to testing it on 2.1



  • I am experiencing the same issue on 2.0.3. It ran fine on 2.0.2 though. It seems to die at the end of the phase 2 lifetime. BTW, nothing has changed other than upgrading to 2.0.3.