Note: pfSense 2.2 + IPsec PSK Xauth + RADIUS; must restart service

  • I spent all morning fighting this.

    When using mobile IPSEC VPN, when you switch your "User Authentication" from the local database to point to your Radius server, you have to STOP, then manually START the VPN service or else authentications fail immediately.

    I've been able to repeat this behavior by switching between "local database" and "radius server".

    What an annoying thing to hunt down. I was looking in all the wrong places and out of frustration I rebooted the whole server, then it started working... which is what led me to stopping then restarting the IPsec service.

    Sorry if this is already known, I'm just venting...

    I've tested this on a clean install of 2.2, and a 2.5.1 -> 2.2 upgraded server. Both exhibit the same behavior.

  • OMFG I spent all day pissing around with different things until I read your post, THANK YOU THANK YOU THANK YOU.

    Now pfSense: it's been 18 months since this was noted, maybe it would be a good idea to automatically restart the VPN service when a change like this is made?

  • LAYER 8 Netgate

    When you are making a change to a server with dozens of tunnels in production, stopping and restarting IPsec because of a change made to one tunnel can be a real downer.