Bug #8015
closed
IPsec VPN Not Reconnecting until complete reboot
Added by Lloyd Virola about 7 years ago.
Updated about 4 years ago.
Description
We have multiple IPsec tunnels to our remote sites, and every now and then some sites will fail to reconnect unless we reboot pfSense. Checking the IPsec log, it's saying "no IKE config found for <IP Address>...<IP Address>, sending No_Proposal_Chosen", although the configs have not been modified at all. Modifying Phase 1 parameters, or even deleting the entire tunnel config and recreating it, won't fix the issue, nor will restarting the IPsec services. The only solution for us so far is rebooting pfSense entirely. OpenBGPD is not installed, by the way.
- Assignee set to Anonymous
- Priority changed from Very High to Normal
Not sure we can do much about this in the current architecture.
I think this must be a duplicate but I'm unable to find another ticket that matches it exactly right now. Possibly this was happening previously but we did not note the exact conditions.
When this situation occurs, the SPDs are removed from IPsec such that the connection cannot be initiated from the local side, and if the remote side tries to initiate, the local side replies "NO_PROPOSAL_CHOSEN".
If you try to stop the IPsec service during this time, Status > Services will indicate it fails to stop. In fact, the IPsec Starter is stopped but not Charon, which stops taking instruction from the starter.
Killing Charon from the CLI will allow the service to restart with all configured SPDs present.
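A log check for the symptom reported in this ticket, added here as an example (it is not part of the ticket or of pfSense): it flags remote peers that charon keeps rejecting with "no IKE config found ... sending NO_PROPOSAL_CHOSEN" inside a time window. The syslog prefix, the local...remote address order, the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: syslog-style timestamp prefix; message text as quoted in the ticket.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s.*"
    r"no IKE config found for (?P<local>\S+?)\.\.\.(?P<remote>[^\s,]+),"
    r"\s*sending NO_PROPOSAL_CHOSEN",
    re.IGNORECASE,
)

def parse_rejects(lines, year=2024):
    """Yield (timestamp, local, remote) for each rejected IKE negotiation."""
    for line in lines:
        m = REJECT.search(line)
        if m:
            # Syslog omits the year, so one is supplied (assumed) for parsing.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["local"], m["remote"]

def stuck_peers(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {remote: n} where n >= threshold rejects fall inside one window."""
    seen = defaultdict(list)
    for ts, _local, remote in parse_rejects(lines):
        seen[remote].append(ts)
    flagged = {}
    for remote, stamps in seen.items():
        stamps.sort()
        start = best = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans <= `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[remote] = best
    return flagged

# Constructed sample lines using documentation addresses (not from the ticket).
MSG = "no IKE config found for 192.0.2.1...{}, sending NO_PROPOSAL_CHOSEN"
SAMPLE = [
    "Mar  3 10:00:01 fw charon[1234]: 09[IKE] " + MSG.format("198.51.100.7"),
    "Mar  3 10:02:11 fw charon[1234]: 11[IKE] " + MSG.format("198.51.100.7"),
    "Mar  3 10:04:30 fw charon[1234]: 05[IKE] " + MSG.format("198.51.100.7"),
    "Mar  3 10:05:00 fw charon[1234]: 07[IKE] " + MSG.format("203.0.113.9"),
    "Mar  3 10:06:00 fw charon[1234]: 07[NET] received packet: from 203.0.113.9[500]",
]

if __name__ == "__main__":
    print(stuck_peers(SAMPLE))
```

A peer rejected repeatedly while its tunnel configuration is unchanged matches the state described above, where the SPDs are gone and charon no longer follows the starter.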
- Subject changed from IPSecVPN Not Reconnecting until complete reboot to IPsec VPN Not Reconnecting until complete reboot
- Status changed from New to Feedback
- Assignee deleted (Anonymous)
- Target version set to 2.5.0
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build.
- Status changed from Feedback to Resolved