Blank IPSec Status



  • I'm trying to figure out why my IPSec status is blank.  My tunnel is up.  Traffic is routing as expected.  I have two SAD rows (one for each direction) and two SPD rows (one for each direction) on each end of the tunnel.  Logs look normal on both ends.

    Since everything's running as designed, I guess it's not such a big deal, but it is odd.  Has anyone ever seen this before?

My endpoints are both pfSense running v2.1.5 (one on i386, one on amd64) on FreeBSD v8.3-RELEASE-p16



  • I think I've seen this before. It happens when one of the endpoints (Local Network or Remote Network) is not a full subnet, and is instead a single IP address with a /32 mask or a true subnetted network like a /29 or something similar.

    By chance, does that fit your scenario at all?



In my phase 2s, the local networks are set to LAN Network and the remote networks are set to /24 subnets, defined the same as the LAN network on the other end. E.g. the LAN network in site A is 192.168.1.0/24 and the remote network defined in the site B endpoint is 192.168.1.0/24.

    Interesting that you mention /32, because I do see this in the log…
    Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
    Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in

    But I have no idea where it's picking up that /32 definition with the 1 in the last octet.
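One way to see which of the SPD entries racoon is complaining about actually correspond to the configured Phase 2 selectors, and which are host-scoped (/32) policies like the ones in the log above, is to parse the "such policy already exists" lines and compare each selector pair against the Phase 2 local/remote networks. The script below is an added example, not code from this thread or from pfSense or racoon. The first two log lines are the ones quoted in the post; the two further lines and the PHASE2 pair (192.168.1.0/24 to 192.168.2.0/24) are constructed for the example and are assumptions, not the poster's configuration.

```python
"""Classify the SPD selectors racoon reports against an assumed Phase 2 configuration."""
import re
from ipaddress import ip_network

# Selector part of racoon's message:
#   ... replace it: <src>/<len>[<port>] <dst>/<len>[<port>] proto=<proto> dir=<in|out>
SPD_RE = re.compile(
    r"replace it: (?P<src>\S+)\[(?P<sport>\d+)\] (?P<dst>\S+)\[(?P<dport>\d+)\] "
    r"proto=(?P<proto>\S+) dir=(?P<dir>in|out)"
)

# Constructed sample: lines 1-2 are the ones quoted in the post above,
# lines 3-4 are made up in the same format for an assumed site-to-site Phase 2.
SAMPLE_LOG = """\
Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.1/32[0] 192.168.1.0/24[0] proto=any dir=out
Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.1/32[0] proto=any dir=in
Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=out
Dec 12 20:39:11 racoon: ERROR: such policy already exists. anyway replace it: 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
"""

# Assumed Phase 2 entries as (local network, remote network), as typed into the GUI.
PHASE2 = [("192.168.1.0/24", "192.168.2.0/24")]


def parse_spd_lines(log_text):
    """Return one dict per 'such policy already exists' line, selectors parsed as networks."""
    policies = []
    for line in log_text.splitlines():
        m = SPD_RE.search(line)
        if not m:
            continue  # not an SPD message; ignore
        policies.append({
            "src": ip_network(m.group("src"), strict=False),
            "dst": ip_network(m.group("dst"), strict=False),
            "proto": m.group("proto"),
            "dir": m.group("dir"),
        })
    return policies


def is_host_scoped(policy):
    """True when either selector is a single host (/32 for IPv4, /128 for IPv6)."""
    return any(net.prefixlen == net.max_prefixlen for net in (policy["src"], policy["dst"]))


def classify(policies, phase2):
    """Label each policy 'phase2' (exactly a configured local/remote pair in either
    direction), 'host' (a /32 or /128 selector) or 'other'. Returns (description, label)."""
    pairs = set()
    for local, remote in phase2:
        l, r = ip_network(local, strict=False), ip_network(remote, strict=False)
        pairs.add((l, r))  # dir=out: local -> remote
        pairs.add((r, l))  # dir=in:  remote -> local
    result = []
    for p in policies:
        if (p["src"], p["dst"]) in pairs:
            label = "phase2"
        elif is_host_scoped(p):
            label = "host"
        else:
            label = "other"
        result.append((f"{p['src']} -> {p['dst']} proto={p['proto']} dir={p['dir']}", label))
    return result


if __name__ == "__main__":
    for description, label in classify(parse_spd_lines(SAMPLE_LOG), PHASE2):
        print(f"{label:7s} {description}")
```

Run it against a copy of the IPsec log and the Phase 2 networks from your own config; any entry labelled "host" or "other" is a policy that does not come straight from a configured subnet-to-subnet Phase 2 and is the one to account for.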



  • Seems to be a bug in the NetGate Theme.  I just noticed that all other themes show my tunnel up in the IPSec Status page as expected, but the NetGate Theme shows a blank status.

