On Wed, Jul 17, 2013 at 9:16 AM, Peter Milazzo <
peter.mila...@somersetcapital.com> wrote:

> there. So there is already an IPsec tunnel running (which I disable)
> and 2 WAN connections using gateway group for failover. Could there be
> some sort of conflict with the IPsec even though I disable it?
>

I did this last weekend. I discovered that even though I disabled the IPsec
tunnel I was replacing with OpenVPN, the IPsec policy rules were not
removed. You can see them with setkey -DP. I ended up just turning IPsec
off and back on, and those entries were not added back. I'm sure I could
have just removed those entries individually using setkey, but it was
quicker for me to just restart it.

In short, when you disable an IPsec tunnel, pfSense 2.0 does not remove the
associated policy entries that already exist. I do not know if 2.1 has the
same behavior. Disabling IPsec entirely removes all policy entries.
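
An added example, not part of the original message or of pfSense: a shell helper that reads `setkey -DP` output and prints a `spddelete` line for each policy that still references the remote subnet of a disabled tunnel. The function names, the sample dump and every address in it are constructed for illustration, and the dump layout is assumed to be the usual FreeBSD one.

```shell
#!/bin/sh
# Constructed sample of `setkey -DP` output: two tunnels, one policy pair each.
# 10.20.0.0/24 stands in for the remote subnet of the tunnel that was disabled.
sample_spd() {
cat <<'EOF'
192.168.1.0/24[any] 10.20.0.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.10-198.51.100.20/unique:1
    spid=2 seq=3 pid=4242
10.20.0.0/24[any] 192.168.1.0/24[any] any
    in ipsec
    esp/tunnel/198.51.100.20-203.0.113.10/unique:1
    spid=1 seq=2 pid=4242
192.168.1.0/24[any] 10.30.0.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.10-198.51.100.30/unique:2
    spid=4 seq=1 pid=4242
10.30.0.0/24[any] 192.168.1.0/24[any] any
    in ipsec
    esp/tunnel/198.51.100.30-203.0.113.10/unique:2
    spid=3 seq=0 pid=4242
EOF
}

# stale_policies NET: read `setkey -DP` output on stdin and print one
# spddelete statement per policy whose source or destination range is NET.
stale_policies() {
    awk -v net="$1" '
        # Policy header: unindented "src[port] dst[port] upperspec".
        substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" && NF >= 3 {
            src = $1; dst = $2; upper = $3; next
        }
        # The first indented line of a policy carries its direction.
        $1 ~ /^(in|out|fwd)$/ && src != "" {
            s = src; d = dst
            sub(/\[any\]$/, "", s); sub(/\[any\]$/, "", d)
            if (s == net || d == net)
                printf "spddelete %s %s %s -P %s ;\n", s, d, upper, $1
            src = ""   # ignore the remaining lines of this policy
        }'
}

# Stand-alone run on the sample. On a live firewall the input would be
# `setkey -DP`, and the reviewed output could be fed to `setkey -c`.
sample_spd | stale_policies 10.20.0.0/24
```

Policies for the second, still-active tunnel (10.30.0.0/24 in the sample) are left out of the output, so only the leftover pair is proposed for removal.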