Still IPSec Problems with 2.2.2
-
I didn't clone the first P2 to create the second P2, they were all manually created.
The reqids should be fine in that case. Seems they end up losing their unique reqids in this circumstance. If that's the case (check "ipsec statusall" for the reqid, it should be unique on every P2), that's this: https://redmine.pfsense.org/issues/4665
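One way to run the reqid uniqueness check suggested above, as an added example that is not part of the original posts: it flags a reqid only when it appears under different connection names, since rekeyed SAs of one connection legitimately share one. The `con1000{1}:  INSTALLED, ... reqid N` line layout is an assumption about strongSwan's `ipsec statusall` output, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ipsec statusall` text on stdin and
# prints every reqid that is installed under more than one connection name.
dup_reqids() {
    awk '
    # Assumed CHILD_SA line layout:
    #   con1000{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ...
    /[{][0-9]+[}]:.*reqid [0-9]+/ {
        conn = $1
        sub(/[{].*/, "", conn)                 # con1000{1}: -> con1000
        for (i = 2; i < NF; i++)
            if ($i == "reqid") { id = $(i + 1); sub(/,$/, "", id) }
        key = id SUBSEP conn
        if (!(key in seen)) {                  # rekeyed SAs of one conn share a reqid
            seen[key] = 1
            n[id]++
            names[id] = (names[id] == "" ? conn : names[id] " " conn)
        }
    }
    END {
        for (id in n)
            if (n[id] > 1) print "reqid " id " shared by: " names[id]
    }'
}

# Constructed sample: con1000 has a rekeyed SA (same reqid, harmless), while
# con1001 reuses reqid 1, which is the conflict described in the thread.
sample_statusall() {
    cat <<'EOF'
Security Associations (1 up, 0 connecting):
     con1000[1]: ESTABLISHED 10 minutes ago, 198.51.100.1[198.51.100.1]...203.0.113.1[203.0.113.1]
     con1000{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
     con1000{1}:   10.0.0.0/24 === 10.1.0.0/24
     con1000{3}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000005_i c0000006_o
     con1001{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000003_i c0000004_o
     con1002{4}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c0000007_i c0000008_o
EOF
}

# On the firewall itself: ipsec statusall | dup_reqids
sample_statusall | dup_reqids
```

No output means every installed P2 has its own reqid.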
-
It appears strongswan 5.3.0 fixed something where setting the reqid explicitly is no longer required to work around other issues, and omitting reqid from ipsec.conf appears to work around the conflicting reqid problem. If you're on 2.2.2 already, gitsyncing to latest RELENG_2_2 is adequate to get those changes, or just comment out both instances of these lines in /etc/inc/vpn.inc:
if (!empty($reqids[$idx]))
    $ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
by changing it to:
//if (!empty($reqids[$idx]))
    //$ipsecfin .= "\treqid = " . $reqids[$idx] . "\n";
Matching this change:
https://github.com/pfsense/pfsense/commit/afd0c1f2c9c46eaa8e496e98bea8a8e0887d504f
Then go to VPN>IPsec, click Save, and stop, then start strongswan. Or just reboot to be really sure everything previous is fully cleared out.
-
I can reproduce the problem very quickly.
P2 lifetime dropped to 300 seconds and when it expires, traffic stops.
Oh well, back to 2.1.5 because 2.2.x is not production ready from my experiences so far.
I have been using 2.2.1 with no problems regarding IPsec. When I upgraded to 2.2.2 I started having this issue with multiple P2 entries. I fell back to 2.2.1 and I am back up and running with no problems. Just thought I would toss that out there.