This looks indeed not possible to do. Post may be locked.

@jimp Thanks to! Changed to TLS Web Server certificate, error disappeared.

anyone?

@jimp Thanks again! I'll have a look into a way of automatically deploying the certificates per user, per device then. I have a CA external to pfSense I can leverage for that. This will let me get the core users we need going in the meantime. Have a great day Matt :)

@walid-0 said in 1 out 2 IPSEC connections drops after random time.: If you only get disconnected in phase2 please use IKEv1 instead of IKEv2 this will enable reauthentication and the phase2 will renew every time the life time reach to 90% Even if this worked, I don't know that I would suggest using IKEv1 to resolve it. IKEv2 provides many benefits over the IKEv1, but a failed child SA is just a miss configuration and should be fixable.

The document I linked has all the information you'll need to get it working properly.

@tstok I'm possibly not following what you're trying to do, but the tunnel IPs are just arbitrary point to point numbers. You can then route through the point to point vti interface. I can't see any reason why you'd have to create 60 tunnels.

@mathijsk Thank you for posting this! I, too, had all my IPSec tunnels go down, but I didn't realize it because I very rarely use them. Meanwhile, I was trying to setup a "Mobile Clients" vpn and have been banging my head against the wall for a few weeks now getting stuck with vague errors and no working connections. I, too, had not configured IPv6 and when I checked my WAN interface it was setup for DHCP6. When I set that to None, everything came back up. I don't know how it got set to DHCP6 as my ISP does not provide addresses with DHCP, so it must have gotten switched on with some update.

Nobody?