OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: Manxmann on May 30, 2017, 02:57:26 pm
-
Hi Folks,
Sorry me again :)
More of an observation than a bug. I have a number of 'site to site' IPsec VPNs in place between 5 different sites. All sites run OPNsense, mostly 17.1.7, but one is 17.1.4.
Everything works and for the most part is trouble free, but on each host I see odd numbers reported for the number of connected tunnels. For example, I have one FW configured with 1 phase link and two phase two using IKEv1. The Dashboard shows 4 Active tunnels and -2 In-Active.
I have also noted at times that all the tunnels on a host can be 'Active' and working and the Dashboard shows 0 Active and 0 In-Active. When this occurs, checking VPN/IPSec/Status Overview shows nothing. Restarting the strongSwan daemon corrects this.
Whilst this odd behaviour doesn't seem to affect the IPSec function it does make diagnosing problems somewhat tricky.
Cheers
-
For what it's worth, we see this too. It seems to resolve itself after a few minutes. I assume this is due to a change in strongSwan. Probably this is caused by the renegotiation of the tunnels, and the displayed numbers reflect the total of old and new keys.
-
Hi,
Sorry, this appeared when strongSwan was updated from 5.5.1 to 5.5.2, a very unlikely candidate for such changes. I caught the IPsec widget's tunnel reporting in time, but the other one was harder to track and would only pop up in a secondary install ever so sporadically.
https://github.com/opnsense/core/commit/a039ad4d
It will be part of 17.1.8 this week, but you can patch it right away to help confirm:
# opnsense-patch a039ad4d
Cheers,
Franco
-
Thanks Franco,
Patch applied, I'll report back on my progress.
root@XEN-FW:~ # opnsense-patch a039ad4d
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From a039ad4db4d5819fa427c694c94d09846a377e3e Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Fri, 19 May 2017 16:19:24 +0200
|Subject: [PATCH] ipsec: fix widget count after 5.5.2 update
|
|---
| src/www/widgets/widgets/ipsec.widget.php | 12 +++++++++---
| 1 file changed, 9 insertions(+), 3 deletions(-)
|
|diff --git a/src/www/widgets/widgets/ipsec.widget.php b/src/www/widgets/widgets/ipsec.widget.php
|index 4a98e13a5..58eb9e258 100644
|--- a/src/www/widgets/widgets/ipsec.widget.php
|+++ b/src/www/widgets/widgets/ipsec.widget.php
--------------------------
Patching file www/widgets/widgets/ipsec.widget.php using Plan A...
Hunk #1 succeeded at 34.
Hunk #2 succeeded at 66.
Hunk #3 succeeded at 109.
done
All patches have been applied successfully. Have a nice day.
root@XEN-FW:~ #
-
Sir,
Please post a guide on how to configure an IPsec VPN because this is required in our office.
Just site to site configuration, as I do not want inter-branch communication, only branch to central office.
I'm relatively new to OPNsense VPN implementation, so I need all the help I can get.
Ciao.
-
The guide is located here: https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html