Project

General

Profile

Actions

Bug #8015

closed

IPsec VPN Not Reconnecting until complete reboot

Added by Lloyd Virola almost 7 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
10/26/2017
Due date:
11/03/2017
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.4_1
Affected Architecture:

Description

We have multiple IPSec tunnels to our remote sites and Every now and then, some sites will fail to reconnect unless we reboot PFSense. Checking IPSec log, it's saying "no IKE config found for <IP Address>...<IP Address, sending No_Proposal_Chosen", although the configs have not been modified at all. Modifying Phase1 parameters or even deleting the entire tunnel config and recreating it won't fix the issue nor restarting the IPSec services. The only solution for us so far is rebooting PFSense Entirely. OpenBGPD is not installed by the way.


Files

PFSense SC IPSec Log 1.png (25.4 KB) PFSense SC IPSec Log 1.png Lloyd Virola, 10/26/2017 05:32 PM
Actions #1

Updated by Jim Thompson almost 7 years ago

  • Assignee set to Anonymous
  • Priority changed from Very High to Normal

Not sure we can do much about this in the current architecture.

Actions #2

Updated by Steve Wheeler almost 7 years ago

I think this must be a duplicate but I'm unable to find another ticket that matches it exactly right now. Possibly this was happening previously but we did not note the exact conditions.

When this situation occurs the SPDs are removed from IPSec such that the connection cannot be initiated from the local side and if the remote side tries to initiate the local side replies "NO_PROPOSAL_CHOSEN".

If you try to stop the IPSec service during this time Status > Services will indicate it fails to stop. In fact the IPSec Starter is stopped but not Charon which stops taking instruction from the starter.

Killing Charon from the CLI will allow the service to restart with all configured SPDs present.

Actions #3

Updated by Jim Pingle almost 5 years ago

  • Subject changed from IPSecVPN Not Reconnecting until complete reboot to IPsec VPN Not Reconnecting until complete reboot
  • Status changed from New to Feedback
  • Assignee deleted (Anonymous)
  • Target version set to 2.5.0

This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build.

Actions #4

Updated by Anonymous almost 4 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF