Project

General

Profile

Actions

Bug #11528

closed

IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels

Added by Michael Knowles 9 months ago. Updated 9 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
02/24/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:
amd64

Description

Hi,

I've updated two pfSense instances so far from 2.4.5 to 2.5.0 and both have exhibited the same issues. The first instance has 9 IPsec tunnels, the second instance has 8 IPsec tunnels. All are site-to-site tunnels to other pfSense instances (earlier than 2.5.0). There is also an IPsec tunnel between the two upgraded instances. Here are the issues:

1) IPsec tunnels are marked as disconnected when they are in fact connected (you can ping the other end of the tunnel). I've had this on tunnels on both instances, and even on the tunnel that exists between both instances, where both sides of the tunnel insist the tunnel is down but it's in fact up.
2) IPsec tunnels are shown as up with packets passing when in fact they're down at the time, but can be enlivened after approx the 2nd or 3rd ping to the remote endpoint.
3) The IPsec status page says "Collecting IPsec status information" for an inordinately long period of time (could be minutes, doesn't seem to depend upon tunnel status as I disabled all tunnels and it still took a while to show status rather than the almost instantaneous display of previous versions).

It appears that a single IPsec tunnel may appear to display properly, but more than a single tunnel and things start to go funky. I can't confirm that a single tunnel is 100% reliably shown currently, but the one time I disabled all the other tunnels on an instance the one tunnel remaining displayed properly, and then displayed improperly once a second tunnel was re-enabled.

Actions #1

Updated by Jim Pingle 9 months ago

  • Status changed from New to Duplicate
  • Priority changed from High to Normal

Duplicate of #11435 and/or other existing issues that have already been solved for IPsec. Check the forum, there are numerous posts with instructions on how to apply relevant patches.

Actions

Also available in: Atom PDF