@TheStormsOfFury Fotgot to mention - you should be able to get something close to gbit in the public to public test. But you obviously aren’t in single session tests. Please make sure to do the parallel tests on public/public mode. We need to know if it’s your ISP throtteling/oversubscribing, or if it’s latency/out-of-order delivery between sites that causes this.
What is the Ping Return time between the sites?

@patient0 Fixed, I forgot to add the remote ID :).
Thanks for help.

@Matt_Sharpe

Two other options that come to mind

Alert on syslog. So if using a syslog server such as Graylog, you can have it alert you by sending an email when it sees entries for the tunnel going down.

Modify the scripts here - although meant for Zabbix i can see it easily being customizable for any monitoring tool

Seems like a perfectly good use case for Tailscale

@viragomann
Okay, I understand! Thanks for your help! In two weeks the connection will be implemented, then I'll get back to you on this.

Finally managed to solve it.
The issue was that the gateway wasn´t getting an IP address automatically because the VPN interface was created from 0.0.0.0/0 on my side.
Had to manually assign an IP address to the interface using the console (you cannot do it from the GUI).
Once I assigned an IP address to the interface (an unused /30 range) I was able to create the gateway on that interface and assign it the routes.
Then the routes showed up on the routing table and everything worked.

@plep Yeah, it can be a bit confusing. PfSense by default attempts to “combine” the subnets in P2s into one. That causes issues just like described where your other P2’s are “extended” from only the remote subnet to 0.0.0.0/0. To avoid this you need to tick the “Split Connections” box on your P1 for the tunnel then it will create several independant P2’s like the other end.

@NdubYu
I appreciate this is an old topic, but i have the same problem
Were you able to resolve ?
What was the issue ?
Thank you

Just for information to everyone, the problem was solved by changing (on both sides, of course) from IKE v1 to IKE v2.

@aldomoro
aha, so to restart dpinger helped me to get the VTI interface to the online status.
https://redmine.pfsense.org/issues/12764

Zabbix issue will be another story

@viragomann said in site to site VPN between pfSense 2.7.0 and Cisco ASR1001-X (1NG): phase 2 not working:

@getcom
🤦
I guess, it is an unerring admin of a big company likewise it was in my case.

a 150% admin...and yes a big company.
I sent him the log extracts in April and told him that I thought the problem might be a typo in the profile. Of course, he didn't believe me. Then we had a long, detailed e-mail ping-pong until he understood that he needed to look more closely at his Cisco router...