Troubleshooting IPsec VPNs

Due to the finicky nature of IPsec it is not unusual for trouble to arise with tunnels when creating them initially or over time.

Follow the troubleshooting advice in this section to diagnose and solve most common problems with IPsec tunnels on pfSense® software.

Troubleshooting IPsec

• Troubleshooting IPsec Connections
  • IPsec connection names
  • Manually connect IPsec from the shell
  • Tunnel does not establish
  • “Random” tunnel disconnects/DPD failures on low-end routers
  • Tunnels establish and work but fail to renegotiate
  • DPD is unsupported and one side drops while the other remains
  • Tunnel establishes when initiating but not when responding
  • Tunnel establishes at start but not when disconnected
  • Tunnel stops attempting connections after timeout
• Troubleshooting IPsec Traffic
  • Tunnel establishes but no traffic passes
  • Some hosts work but not all
  • Connection hangs
  • Disappearing traffic
• Troubleshooting IPsec Logs
  • IPsec log interpretation
  • Successful connections
  • Failed connection examples
• Troubleshooting Duplicate IPsec SA Entries
  • Current version (2.5.0 and later)
  • Version 2.4.5-p1 and older
  • Other notes