PFsense 2.2 upgrade - connected but no traffic?
-
Hey guys,
Have been using PFsense since the v1 days and have found IPSEC to be very good and reliable (needed to make changes with MSS clamping a few times but no big dramas). Anyway, I upgraded to 2.2 today and the first thing I noticed is that the tunnels from my PFsense 2.2 router to 3x other PFsense 2.1.5 routers were all "up" but no traffic (either IPv4 or IPv6) could traverse. Looking at the status page it says all connected and no settings were changed.
Now the funny thing was that I happened to have 2 tunnels that were on older settings (the difference being SHA1 rather than SHA512 and DH 5 rather than DH 18) that were still working.
If I reset the IPSec on the broken routers it would work for about 20 minutes but then go silent. I've done an experiment now to change one of the problem tunnels to SHA1 and DH5 and it's been great for over 2 hours. I wonder if there is some problem with the new IPSEC engine on 2.2.
The first attachment shows a working config and the second shows the problematic one.
Any ideas?
![Screenshot 2015-01-26 00.27.22.png](/public/imported_attachments/1/Screenshot 2015-01-26 00.27.22.png)
![Screenshot 2015-01-26 00.28.24.png](/public/imported_attachments/1/Screenshot 2015-01-26 00.28.24.png)
-
I also had odd behaviour after upgrading from 2.1.5 to 2.2.
I deleted the IPsec P1 & P2, restarted the IPsec service on both boxes and recreated the tunnel. It is working perfectly now.
HTH
-
@all - Same problem as described here? https://forum.pfsense.org/index.php?topic=87333.0
-
I have a pfSense to Cisco ASA IPSEC connection that is acting similar to some of the other reports around here. Connection is up, but twice now, after several hours of being up and running, it will stop passing data. Last night I was quick to just reboot pfSense as I wanted to get to bed… But this morning when it happened again I noticed the IPSEC status showed Connected, but no data was passing over the connection. Currently have several ping monitors up and running to keep an eye on things to see if this dies again.
-
We are having the same problem.
We have 4 different pfsense firewalls connecting to 1 pfsense firewall.
Our site-to-site IPsec tunnels stay connected but traffic stops. It is random: sometimes it happens once per hour, sometimes once every 3 hours, sometimes every 5 mins.
This is with the pfsense 2.2 release, but it started with 2.2RC.
-
Check Status -> IPsec to see who initiates the connection. If it fails when pfSense is the initiator, I bet this is related: https://forum.pfsense.org/index.php?topic=87333.0
-
In my case all ends are Pfsense 2.2.
This was not happening when we had 2.1x.