Bug #13131
closed
Mobile IPsec clients cannot be manually disconnected from IPsec status screen
Added by Lars Pedersen over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Affected Architecture:
All
Description
The red "Disconnect P1" button in status ipsec overview doesn't seem to work anymore in pfsense 2.6.0 for mobile clients. The client is still using the same connection and the established time is continuing.
When the button is clicked the IPSec logs shows:
May 5 14:05:25 charon 10725 05[CFG] vici terminate IKE_SA 'con'
So I think it tries to delete a a connection for IKE_SA named "con", which hardly can be unique.
Files
What specific type of mobile IPsec configuration is this? (e.g. IKEv1, xauth, IKEv2, EAP-TLS, EAP-MSCHAPv2, etc)
It is clients (roadwarriors) using IKEv2 with PSKs
I added a snapshot more. My guess is some regex that returns con from the string "con-mobile #14077"
Tested:
2.7.0-DEVELOPMENT (amd64)
built on Tue May 10 14:23:11 UTC 2022
FreeBSD 12.3-STABLE
Indeed the IKE_SA doesn't get disconnected upon clicking on the Disconnect P1 button. I am getting the same log as stated in the ticket description.
May 11 10:24:02 charon 80091 15[CFG] vici terminate IKE_SA 'con'
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version set to 2.7.0
- Plus Target Version set to 22.05
- Subject changed from Disconnect P1 button not working in status IPSec overview to Mobile IPsec clients cannot be manually disconnected from IPsec status screen
I was able to replicate the problem and have a fix.
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Tested:
2.7.0-DEVELOPMENT (amd64)
built on Thu May 19 06:14:05 UTC 2022
FreeBSD 12.3-STABLE
It works as expected. I am marking this ticket resolved.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 