Project

General

Profile

Actions
Copy link

Bug #8691

closed

It is possible to disable an IPsec P1 that has a VTI child P2

Added by Azamat Khakimyanov almost 6 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Jim Pingle
Category:
IPsec
Target version:
-
Start date:
07/25/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4
Affected Architecture:
All

Description

I created Routed (VTI) IPsec between two pfSense with 2.4.4-DEV. When tunnel was established, I assigned IPsec interface (ipsec_interface_assigned_pf1.png).

When Routed (VTI) IPsec is UP I can't change its mode - I saw this message when I tried "Cannot switch away from VTI while the interface is assigned. Remove the interface assignment before switching away from VTI."

but when I disable IPsec tunnel, I was able to change "Routed (VTI)" mode to "Tunnel IPv4" and apply this new mode without any error message (ipsec_after_mode_changing_pf1.png). But now into Interfaces/Interface Assignments I see instead IPsec interface that my WAN interface was duplicated (ipsec_interface_assigned_pf1_WAN_issue.png). And I was able to Enable my IPsec tunnel without any error.

Files

Download all files
ipsec_interface_assigned_pf1.png (87.1 KB) ipsec_interface_assigned_pf1.png Azamat Khakimyanov, 07/25/2018 12:22 PM
ipsec_interface_assigned_pf1_WAN_issue.png (68.3 KB) ipsec_interface_assigned_pf1_WAN_issue.png Azamat Khakimyanov, 07/25/2018 12:22 PM
ipsec_after_mode_changing_pf1.png (166 KB) ipsec_after_mode_changing_pf1.png Azamat Khakimyanov, 07/25/2018 12:23 PM
Actions
Copy link

Also available in: Atom PDF