pfSense

Applied in changeset eb5bd64face47422285cb883ad44fc5d77c361fa.

To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the IPsec tunnel.

Check the generated /var/etc/ipsec/swanctl.conf file and it will have an incorrect child name (con0)

    con100000 {
        fragmentation = yes
        unique = replace
        version = 2
        proposals = aes128gcm128-aesxcbc-curve448
        dpd_delay = 10s
        dpd_timeout = 60s
        rekey_time = 25920s
        reauth_time = 25920s
        over_time = 2880s
        rand_time = 2880s
        encap = no
        mobike = no
        local_addrs = 198.51.100.15
        remote_addrs = 198.51.100.99
        pools = 
        local {
            id = 198.51.100.15
            auth = psk
        }
        remote {
            id = 198.51.100.99
            auth = psk
        }
        children {
            con0 {
                dpd_action = trap
                mode = tunnel
                policies = yes
                life_time = 3600s
                rekey_time = 3240s
                rand_time = 360s
                start_action = trap
                local_ts = 10.15.0.0/24
                remote_ts = 10.14.0.0/24
                esp_proposals = aes128gcm128-curve448
            }
        }
    }

On a snapshot with the fix, the same tunnel will have a child with the correct name, con100000:

            con100000 {
                dpd_action = trap
                mode = tunnel
                policies = yes
                life_time = 3600s
                rekey_time = 3240s
                rand_time = 360s
                start_action = trap
                local_ts = 10.6.0.0/24
                remote_ts = 10.14.0.0/24
                esp_proposals = aes128gcm128-curve448
            }

Updating subject for release notes.