Home
Projects
Help

Search:

pfSense

All Projects

pfSense

Overview
Activity
Roadmap
Issues
Gantt
Calendar
News
Documents
Repository

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #4188

closed

IPSec SA requestid has limited range in FreeBSD

Added by Ermal Luçi almost 10 years ago. Updated almost 10 years ago.

Status:

Resolved

Priority:

Very High

Assignee:

Ermal Luçi

Category:

IPsec

Target version:

2.2

Start date:

01/07/2015

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2

Affected Architecture:

Description

FreeBSD allows up to ~16000 range of reqid on the SAs specified manually.
There are problems with the IPsec SA tracking of strongswan since pfSense specifies manually them to be able to track the various tunnels in the status page.
This becomes a problem since for requests with multiple phase2 the reqid is multiplied by 1000 to be able to track things.

Either the kernel should be patched to increase the range or there should be found another way to track the tunnel status.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Ermal Luçi almost 10 years ago

Priority changed from Normal to Very High

Actions

Copy link

Updated by Chris Buechler almost 10 years ago

Status changed from New to Confirmed

Actions

Copy link

Updated by Ermal Luçi almost 10 years ago

Status changed from Confirmed to Feedback
% Done changed from 0 to 100

Applied in changeset 4a3ce17a7e3926cce3bf2671965096db78f95932.

Actions

Copy link

Updated by Ermal Luçi almost 10 years ago

Applied in changeset f8e23dc8c4f6c333621e4fb44e8fc1f3ef1dd60c.

Actions

Copy link

Updated by Chris Buechler almost 10 years ago

Status changed from Feedback to Resolved

confirmed the new snapshot with this fix fixes the circumstances where we were seeing this.

Actions

Copy link

Updated by Ermal Luçi almost 10 years ago

Just need to check if the IKEv1 tunnels with many phase2 are still usable with pfSense to some other product Chris.

Can you make sure of that as well please?

Actions

Copy link

Updated by Pi Ba almost 10 years ago

This broke https://redmine.pfsense.org/issues/4129 again.. it really needs different reqid's for each P1 if unity is not supported by the remote device.. maybe not include the '00' in there, but make it unique in another way?

Actions

Copy link