pfSense

Bug #12566

Updated by Marcos M over 2 years ago

On a BACKUP node, when the IPsec deamon is started, started (e.g. after reboot or stopping/starting the service), any Phase1 configuration which is set to a gateway group will result in connection/initiate attempts. This behavior does not exist when the Phase1 configuration is set to a VIP. This can happen when, for example, doing the following: 
 # after reboot 
 # manually stopping/starting the service 
 # changing the config to switch from VIP to GW group 

 Separately, I also see the following in the IPsec logs of the BACKUP node. I'm not clear on what is triggering this however (it is not the keepalive option). 
 <pre> 
 Dec 5 16:59:23  	 charon  	 26121  	 07[KNL] creating acquire job for policy 192.0.2.4/32|/0 === 198.51.100.2/32|/0 with reqid {5001} 
 Dec 5 16:59:23  	 charon  	 26121  	 15[CFG] trap not found, unable to acquire reqid 5001 
 Dec 5 16:59:26  	 charon  	 26121  	 15[KNL] creating acquire job for policy 192.0.2.4/32|/0 === 198.51.100.3/32|/0 with reqid {5002} 
 Dec 5 16:59:26  	 charon  	 26121  	 07[CFG] trap not found, unable to acquire reqid 5002 
 Dec 5 16:59:29  	 charon  	 26121  	 07[KNL] creating acquire job for policy 192.0.2.4/32|/0 === 198.51.100.2/32|/0 with reqid {5001} 
 Dec 5 16:59:29  	 charon  	 26121  	 09[CFG] trap not found, unable to acquire reqid 5001 
 Dec 5 16:59:32  	 charon  	 26121  	 09[KNL] creating acquire job for policy 192.0.2.4/32|/0 === 198.51.100.3/32|/0 with reqid {5002} 
 Dec 5 16:59:32  	 charon  	 26121  	 07[CFG] trap not found, unable to acquire reqid 5002 
 Dec 5 16:59:35  	 charon  	 26121  	 07[KNL] creating acquire job for policy 192.0.2.4/32|/0 === 198.51.100.2/32|/0 with reqid {5001} 
 Dec 5 16:59:35  	 charon  	 26121  	 09[CFG] trap not found, unable to acquire reqid 5001  
 </pre>

Back