OPNsense 24.10.2_6 corrupting IPSec config?

Started by Cerberus, March 30, 2025, 03:33:13 PM

March 30, 2025, 03:33:13 PM Last Edit: March 30, 2025, 03:53:51 PM by Cerberus
Hi all,

Since yesterday, I have had a hell of a ride with my OPNsense Business installations. All of them are running 24.10.2_6 and I have massive issues with IPSec connections.

One firewall is standalone, and on another site I have a pair forming a CARP cluster. Trouble starts as soon as I try to edit something on an IPSec connection or just press save in one connection: several connections fail to start, and under Status Overview I can see at least one connection always appearing twice, but with the protocol version "1" instead of IKEv1 or IKEv2. Since then, there are some connections that always work and some that always fail. For affected connections, I can't see any outgoing traffic on my WAN interface, only incoming.

I see a lot of "charon 28998 - [meta sequenceId="18483"] 04[NET] error writing to socket: Network is down" spam in /var/log/ipsec.log

ipsec status shows these strange statuses; these are the entries without a proper IKE protocol in the status window on my screenshot.

  (unnamed)[63]: CONNECTING, x.x.x.x[%any]...x.x.x.x[%any]

The same happens on my CARP cluster, but here it only affects the master firewall where I edit connections. When I make my backup the master, all IPSec connections work fine; even after syncing from the master to my backup, connections still work.

For me it looks like editing IPSec connections corrupts something and breaks several existing connections.

Suricata is disabled, there is no filtering software, and I can ping all IPSec WAN endpoints. Loading an older config from before that issue does not help. At least my CARP backup is doing well for now.

I am out of ideas.
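An added triage script (not from the original post, OPNsense or strongSwan) that parses constructed sample lines modelled on the ipsec status line and the charon log message quoted above, and flags the symptoms described: unnamed IKE_SAs, a peer that appears twice, SAs stuck in CONNECTING, and socket write errors. The connection names, addresses and log timestamps are made up.

```python
import re
from collections import defaultdict

# Constructed sample `ipsec status` output, modelled on the line quoted in the post.
# Format: name[ike-sa-id]: STATE[ age], local[local-id]...remote[remote-id]
SAMPLE_STATUS = """\
siteA[12]: ESTABLISHED 3 hours ago, 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
siteB[41]: ESTABLISHED 5 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.30[198.51.100.30]
(unnamed)[63]: CONNECTING, 203.0.113.10[%any]...198.51.100.30[%any]
siteC[64]: CONNECTING, 203.0.113.10[%any]...198.51.100.40[%any]
"""
# Constructed sample /var/log/ipsec.log lines, modelled on the charon message quoted in the post.
SAMPLE_LOG = """\
2025-03-30T15:20:01 fw charon 28998 - [meta sequenceId="18481"] 04[NET] error writing to socket: Network is down
2025-03-30T15:20:01 fw charon 28998 - [meta sequenceId="18482"] 07[IKE] retransmit 1 of request with message ID 0
2025-03-30T15:20:05 fw charon 28998 - [meta sequenceId="18483"] 04[NET] error writing to socket: Network is down
2025-03-30T15:20:09 fw charon 28998 - [meta sequenceId="18484"] 04[NET] error writing to socket: Network is down
"""

STATUS_RE = re.compile(
    r"^(?P<name>\(unnamed\)|[^\[\s]+)\[(?P<sa>\d+)\]:\s+(?P<state>[A-Z]+)[^,]*,\s+"
    r"(?P<local>[^\[\s]+)\[[^\]]*\]\.\.\.(?P<remote>[^\[\s]+)\[[^\]]*\]$"
)
SOCKET_ERR_RE = re.compile(r"error writing to socket: Network is down")

def parse_status(text):
    """Return one dict (name, sa, state, local, remote) per IKE_SA line; other lines are ignored."""
    sas = []
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            sas.append(m.groupdict() | {"sa": int(m["sa"])})
    return sas

def find_symptoms(status_text, log_text):
    """Flag the symptoms from the post: unnamed SAs, a peer listed twice, SAs stuck CONNECTING, socket errors."""
    sas = parse_status(status_text)
    by_peer = defaultdict(list)
    for sa in sas:
        by_peer[sa["remote"]].append(sa["sa"])
    return {
        "unnamed": [sa["sa"] for sa in sas if sa["name"] == "(unnamed)"],
        "duplicate_peers": sorted(p for p, ids in by_peer.items() if len(ids) > 1),
        "connecting": [f'{sa["name"]}[{sa["sa"]}]' for sa in sas if sa["state"] == "CONNECTING"],
        "socket_errors": sum(1 for l in log_text.splitlines() if SOCKET_ERR_RE.search(l)),
    }

if __name__ == "__main__":
    print(find_symptoms(SAMPLE_STATUS, SAMPLE_LOG))
```

On a real box, feed it the output of ipsec status and the contents of /var/log/ipsec.log instead of the constructed samples; a non-empty "unnamed" or "duplicate_peers" list after a save is the condition the post describes.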