Netgate Discussion Forum
    Note: pfSense 2.2 + Ipsec psk Xauth + Radius; Must restart service

    • Amora

      I spent all morning fighting this.

      When using mobile IPSEC VPN, when you switch your "User Authentication" from the local database to point to your Radius server, you have to STOP, then manually START the VPN service or else authentications fail immediately.

      I've been able to repeat this behavior by switching between "local database" and "radius server".

      What an annoying thing to hunt down, I was looking in all the wrong places and out of frustration I rebooted the whole server, then it started working… which is what led me to stopping then restarting the IPsec service.

      Sorry if this is already known, I'm just venting...

      I've tested this on a clean install of 2.2, and a 2.5.1 -> 2.2 upgraded server. Both exhibit the same behavior.

      • slamotte

        OMFG I spent all day pissing around with different things until I read your post, THANK YOU THANK YOU THANK YOU.

        Now pfSense: it's been 18 months since this was noted, maybe it would be a good idea to automatically restart the VPN service when a change like this is made?

        • Derelict (LAYER 8, Netgate)

          When you are making a change to a server with dozens of tunnels in production, stopping and restarting IPsec because of a change made to one tunnel can be a real downer.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.