pfSense Gold Subscription

Author Topic: IPSec status display in 2.4.1  (Read 102 times)

0 Members and 1 Guest are viewing this topic.

Offline Bimmer Jones

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
IPSec status display in 2.4.1
« on: November 21, 2017, 02:31:51 pm »
After upgrading one of my SG-4680's from 2.3.4 to 2.4.1 over the weekend, the IPSec status display does some "interesting" things.

First, as tunnels come up, rather than update the existing line items for the tunnels (and moving them above inactive ones), webGUI creates new entries displaying the phase 1 SA details without the descriptive identifier from the configuration. This makes it difficult to identify a particular SA without knowing the peer's IP address.

Second, these new entries include non-functional buttons to show phase 2 SA's. The only phase 2 status is available from the SPDs tab.

I have more than 100 tunnels in my configuration, with anywhere from 25-30 active at any one time. Exporting and re-importing the IPSec section of config.xml doesn't resolve the issue, so it's not an obvious XML parsing problem. The issue also persists across reboots and theme changes (changing from the default theme to one like "pfSense Dark" or "Compact Red" doesn't resolve the issue). This device's HA peer still runs 2.3.4 and doesn't exhibit this behavior.

Offline Grimson

  • Full Member
  • ***
  • Posts: 192
  • Karma: +28/-2
    • View Profile
Re: IPSec status display in 2.4.1
« Reply #1 on: November 21, 2017, 02:40:37 pm »
Update to 2.4.2.

Offline Bimmer Jones

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: IPSec status display in 2.4.1
« Reply #2 on: November 21, 2017, 03:26:10 pm »
Huh. Must have missed the release announcement. I'll drop it in and re-test.