Project

General

Profile

Actions
Copy link

Bug #16183

open

IPsec tunnels show as down, but they are working

Added by Orion Poplawski 21 days ago. Updated 18 days ago.

Status:
Incomplete
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Our IPsec connection is working, but the status shows as down:

The IPSec Overview shows:

The "Multiple" item appears to be a combination of the two lower items, which are the two P2 settings in IPsec / Tunnels

swanctl --list-sa:

Seeing this in both 2.7.2-RELEASE and plus 24.11-RELEASE

Files

Download all files
clipboard-202505091705-zv4df.png (31.6 KB) clipboard-202505091705-zv4df.png Orion Poplawski, 05/09/2025 11:05 PM
clipboard-202505091708-s7quy.png (75.5 KB) clipboard-202505091708-s7quy.png Orion Poplawski, 05/09/2025 11:08 PM
clipboard-202505091713-6emxd.png (28.5 KB) clipboard-202505091713-6emxd.png Orion Poplawski, 05/09/2025 11:13 PM
Actions
Copy link
 #1

Updated by Jim Pingle 18 days ago

  • Status changed from New to Incomplete

I can't reproduce this here. It maybe a remnant leftover after a configuration change where strongSwan didn't stop and start (rather than restart). That sort of difference would be from changing between either IKEv1 vs IKEv2 or changing split connections, or things of that nature. At some point it was considering each P2 as a separate SA but now it's combining multiple P2 entries into a single SA.

You didn't include any version information or the P1 info for the same tunnel so it's impossible to speculate further, but this site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum .

See Reporting Issues with pfSense Software for more information.

Actions
Copy link

Also available in: Atom PDF