    Note: pfSense 2.2 + Ipsec psk Xauth + Radius; Must restart service

    • A
      Amora last edited by

      I spent all morning fighting this.

      When using mobile IPSEC VPN, when you switch your "User Authentication" from the local database to point to your Radius server, you have to STOP, then manually START the VPN service or else authentications fail immediately.

      I've been able to repeat this behavior by switching between "local database" and "radius server".

      What an annoying thing to hunt down. I was looking in all the wrong places, and out of frustration I rebooted the whole server, then it started working... which is what led me to stopping then restarting the IPsec service.

      Sorry if this is already known, I'm just venting...

      I've tested this on a clean install of 2.2, and a 2.5.1 -> 2.2 upgraded server. Both exhibit the same behavior.

      • S
        slamotte last edited by

        OMFG I spent all day pissing around with different things until I read your post, THANK YOU THANK YOU THANK YOU.

        Now pfSense: it's been 18 months since this was noted, maybe it would be a good idea to automatically restart the VPN service when a change like this is made?

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          When you are making a change to a server with dozens of tunnels in production, stopping and restarting IPsec because of a change made to one tunnel can be a real downer.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
