Bug #8015


IPsec VPN Not Reconnecting until complete reboot

Added by Lloyd Virola over 4 years ago. Updated over 1 year ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


We have multiple IPSec tunnels to our remote sites and Every now and then, some sites will fail to reconnect unless we reboot PFSense. Checking IPSec log, it's saying "no IKE config found for <IP Address>...<IP Address, sending No_Proposal_Chosen", although the configs have not been modified at all. Modifying Phase1 parameters or even deleting the entire tunnel config and recreating it won't fix the issue nor restarting the IPSec services. The only solution for us so far is rebooting PFSense Entirely. OpenBGPD is not installed by the way.


PFSense SC IPSec Log 1.png (25.4 KB) PFSense SC IPSec Log 1.png Lloyd Virola, 10/26/2017 05:32 PM
Actions #1

Updated by Jim Thompson over 4 years ago

  • Assignee set to Anonymous
  • Priority changed from Very High to Normal

Not sure we can do much about this in the current architecture.

Actions #2

Updated by Steve Wheeler over 4 years ago

I think this must be a duplicate but I'm unable to find another ticket that matches it exactly right now. Possibly this was happening previously but we did not note the exact conditions.

When this situation occurs the SPDs are removed from IPSec such that the connection cannot be initiated from the local side and if the remote side tries to initiate the local side replies "NO_PROPOSAL_CHOSEN".

If you try to stop the IPSec service during this time Status > Services will indicate it fails to stop. In fact the IPSec Starter is stopped but not Charon which stops taking instruction from the starter.

Killing Charon from the CLI will allow the service to restart with all configured SPDs present.

Actions #3

Updated by Jim Pingle over 2 years ago

  • Subject changed from IPSecVPN Not Reconnecting until complete reboot to IPsec VPN Not Reconnecting until complete reboot
  • Status changed from New to Feedback
  • Assignee deleted (Anonymous)
  • Target version set to 2.5.0

This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build.

Actions #4

Updated by Anonymous over 1 year ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF