Bug? ipsec vpn stopped when vlans configured



  • Hello,

    I turned up three vlans on my router and my site to site vpn stopped.  Restoring the configuration and rebooting the firewall fixed it.

    When it happened a second time, I disabled the new vlan interfaces, with no change.  Rebooting again fixed it.

    The local racoon logs showed no activity on the ipsec vpn at all.  The remote pfsense racoon logs showed "[Remote Side not responding]"

    I have the racoon.conf file before and after the last reboot.  There are three sections missing from the "before" file:

    Listen {…}
    remote ipaddr {...}
    remote anonymous {...}

    It's as if the racoon.conf file got mangled and racoon reloaded when I clicked "save changes".

    It makes sense: without the Listen part, racoon won't bind to any ports.  If it happens again, I will check the output of sockstat.

    Here is the pertinent information:

    1. local version of pfsense: 2.1, remote version (other end of site to site vpn): 2.0.3
    2. Wan port is bge0
    3. vlan ports are only on bge1.

    Is this a bug?

    racoon.conf.after_reboot_vpnworks.txt
    racoon.conf.before_with_stuckvpn.txt
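The post above compares a working and a broken racoon.conf by eye. As an added example (not the poster's files or pfSense code), the script below parses the top-level `name { ... }` blocks of a racoon.conf, reports which required sections (`listen`, `remote`) are missing, and lists the blocks a "before" file lost relative to an "after" file. The two configs embedded in it are constructed samples using documentation addresses, not the poster's attachments; the block syntax assumed is racoon's own (`#` comments, `;`-terminated statements, brace-delimited blocks, nested `proposal { }` inside `remote`).

```python
import sys

# Constructed sample: a racoon.conf that still has its listen and remote blocks.
CONF_WORKING = """\
path pre_shared_key "/var/etc/ipsec/psk.txt";
listen {
    isakmp 192.0.2.10 [500];
    isakmp_natt 192.0.2.10 [4500];
}
remote 198.51.100.20 {
    exchange_mode main;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
remote anonymous {
    exchange_mode aggressive;
}
sainfo address 10.0.0.0/24 any address 10.1.0.0/24 any {
    encryption_algorithm aes 256;
}
"""

# Constructed sample: the same file with the listen and remote blocks dropped,
# mimicking the "before" file described in the post.
CONF_BROKEN = """\
path pre_shared_key "/var/etc/ipsec/psk.txt";
sainfo address 10.0.0.0/24 any address 10.1.0.0/24 any {
    encryption_algorithm aes 256;
}
"""

# Top-level block names racoon needs before it will bind and answer peers.
REQUIRED = ("listen", "remote")


def top_level_blocks(text):
    """Return the header of each top-level `header { ... }` block, in order.

    Brace depth is tracked so nested blocks (e.g. proposal{} inside remote{})
    are not reported as top-level sections."""
    blocks = []
    depth = 0
    buf = ""
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        for ch in line + "\n":
            if ch == "{":
                if depth == 0:
                    blocks.append(" ".join(buf.split()))
                    buf = ""
                depth += 1
            elif ch == "}":
                depth -= 1
            elif depth == 0:
                if ch == ";":
                    buf = ""  # a simple statement, not a block header
                else:
                    buf += ch
    return blocks


def missing_sections(text):
    """Required block types (by first word of the header) absent from text."""
    names = {b.split()[0] for b in top_level_blocks(text) if b}
    return [r for r in REQUIRED if r not in names]


def lost_blocks(working, broken):
    """Block headers present in the working config but absent from the broken one."""
    broken_headers = set(top_level_blocks(broken))
    return [b for b in top_level_blocks(working) if b not in broken_headers]


if __name__ == "__main__":
    # Usage: python check_racoon.py racoon.conf.working racoon.conf.broken
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            working = f.read()
        with open(sys.argv[2]) as f:
            broken = f.read()
    else:
        working, broken = CONF_WORKING, CONF_BROKEN
    print("missing in broken config:", missing_sections(broken))
    print("blocks lost relative to working config:", lost_blocks(working, broken))
```

Run with no arguments it checks the embedded samples; with two file paths it compares real configs, which is what a quick sanity check after clicking "save changes" would look like before falling back to sockstat.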