Bug #8015
closedIPsec VPN Not Reconnecting until complete reboot
0%
Description
We have multiple IPSec tunnels to our remote sites and Every now and then, some sites will fail to reconnect unless we reboot PFSense. Checking IPSec log, it's saying "no IKE config found for <IP Address>...<IP Address, sending No_Proposal_Chosen", although the configs have not been modified at all. Modifying Phase1 parameters or even deleting the entire tunnel config and recreating it won't fix the issue nor restarting the IPSec services. The only solution for us so far is rebooting PFSense Entirely. OpenBGPD is not installed by the way.
Files
Updated by Jim Thompson almost 7 years ago
- Assignee set to Anonymous
- Priority changed from Very High to Normal
Not sure we can do much about this in the current architecture.
Updated by Steve Wheeler almost 7 years ago
I think this must be a duplicate but I'm unable to find another ticket that matches it exactly right now. Possibly this was happening previously but we did not note the exact conditions.
When this situation occurs the SPDs are removed from IPSec such that the connection cannot be initiated from the local side and if the remote side tries to initiate the local side replies "NO_PROPOSAL_CHOSEN".
If you try to stop the IPSec service during this time Status > Services will indicate it fails to stop. In fact the IPSec Starter is stopped but not Charon which stops taking instruction from the starter.
Killing Charon from the CLI will allow the service to restart with all configured SPDs present.
Updated by Jim Pingle almost 5 years ago
- Subject changed from IPSecVPN Not Reconnecting until complete reboot to IPsec VPN Not Reconnecting until complete reboot
- Status changed from New to Feedback
- Assignee deleted (
Anonymous) - Target version set to 2.5.0
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build.
Updated by Anonymous almost 4 years ago
- Status changed from Feedback to Resolved