Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec/L2TP on 2.2.3 broken?

    Scheduled Pinned Locked Moved IPsec
    4 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alamaral
      last edited by

      I'm running a few pfsense as vpn/fw using 2.2.2 version. After upgrading for this morning to 2.2.3 my IPSec/L2TP my vpn is broken. Does anyone experiencing the same?  There is no information on l2tp starting on the logs. Something is different.

      Some logs:

      Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
      Jun 25 15:07:35 charon: 02[IKE] <con1|3>deleting IKE_SA con1[3] between 162.XXX.XXX.184[162.XXX.XXX.184]…191.XXX.XXX.97[191.XXX.XXX.97]
      Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
      Jun 25 15:07:35 charon: 02[IKE] <con1|3>received DELETE for IKE_SA con1[3]
      Jun 25 15:07:35 charon: 02[ENC] <con1|3>parsed INFORMATIONAL_V1 request 285074821 [ HASH D ]
      Jun 25 15:07:35 charon: 02[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
      Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
      Jun 25 15:07:35 charon: 11[IKE] <con1|3>closing CHILD_SA con1{3} with SPIs c0a86ce2_i (0 bytes) 0ea40bf5_o (0 bytes) and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
      Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
      Jun 25 15:07:35 charon: 11[IKE] <con1|3>received DELETE for ESP CHILD_SA with SPI 0ea40bf5
      Jun 25 15:07:35 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 1492790087 [ HASH D ]
      Jun 25 15:07:35 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (76 bytes)
      Jun 25 15:07:25 charon: 11[ENC] <con1|3>parsed INFORMATIONAL_V1 request 3460051619 [ HASH N(DPD_ACK) ]
      Jun 25 15:07:25 charon: 11[NET] <con1|3>received packet: from 191.XXX.XXX.97[500] to 162.XXX.XXX.184[500] (92 bytes)
      Jun 25 15:07:25 charon: 11[NET] <con1|3>sending packet: from 162.XXX.XXX.184[500] to 191.XXX.XXX.97[500] (92 bytes)
      Jun 25 15:07:25 charon: 11[ENC] <con1|3>generating INFORMATIONAL_V1 request 1605134724 [ HASH N(DPD) ]
      Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
      Jun 25 15:07:25 charon: 11[IKE] <con1|3>sending DPD request
      Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]
      Jun 25 15:07:15 charon: 09[IKE] <con1|3>CHILD_SA con1{3} established with SPIs c0a86ce2_i 0ea40bf5_o and TS 162.XXX.XXX.184/32|/0[udp/l2f] === 191.XXX.XXX.97/32|/0[udp/51531]</con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3></con1|3>

      1 Reply Last reply Reply Quote 0
      • D
        dharrigan
        last edited by

        Hi!

        SNAP!

        I just posted a few seconds after you - I'm having the same issue!

        -=david=-

        1 Reply Last reply Reply Quote 0
        • P
          phuka
          last edited by

          Same issue

          1 Reply Last reply Reply Quote 0
          • D
            dharrigan
            last edited by

            https://redmine.pfsense.org/issues/4791

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.