    Ipsec can't stop / won't stop, and many SAs won't connect

      ZPrime last edited by

      Running 2.2.4 since I know there have been bugs in prior releases.

      I have a single IKEv1 tunnel with 15 phase 2 entries.  Hardware is a Soekris Net6501 (Intel em NICs).  Remote side is a Palo Alto PA-2020.

      I'm trying to troubleshoot why some of the ph2 entries are not coming up when they are called for.  Logging on the PA is its own challenge, so I was going to start with the pfSense box.  Cranked up several of the log options, told ipsec to restart, claims that it was restarted, see some new log entries, fine.

      On a whim, tweak some more debug logging higher, and decide to fully stop ipsec.  Services page says "ipsec service stopped," but the little status icon still shows a green arrow and says "running."  I can click the stop button there until my finger falls off, and ipsec still seems to be running.  Is this just a display bug, or does strongswan still have pieces running?

      I didn't have problems with all 15 phase2 SAs coming up in older releases, so something has obviously broken under the hood.  Would be happy to provide debug logs if I knew what services to crank up logging for, and how to get ipsec to correctly restart and thus recognize the new loglevels.  ;)

      [edit]
      And a reboot gets things working again, FWIW.  Now the ph2 SAs that weren't connecting 5 minutes ago are connecting / establishing.  Something is wrong here.
