IPSec roadwarrior freezes after 15-60 minutes
Hi,
I need help debugging the following problem:
I have an IPSec/ikev2 setup for roadwarriors. It connects fine and works, but after a short period (between 15 and 60 minutes), the traffic simply stops flowing through the channel. No error messages and the tunnel did not close, it simply stops flowing. If I quickly disconnect and reconnect, it works fine for another 15-60 minutes. No messages appear on the syslog, but I have only default syslog enabled.
Any idea of what it could be? Also, what specific debug should I enable in the IPSec config?
Thank you,
Roberto
My setup (please advise if more info is required/desired):
pfSense CE 2.6.0 running in a Xen Citrix VM with xen tools installed
/var/etc/ipsec/strongswan.conf:
# Automatically generated config file - DO NOT MODIFY. Changes will be overwritten.
starter {
    load_warning = no
}
charon {
    # number of worker threads in charon
    threads = 16
    ikesa_table_size = 32
    ikesa_table_segments = 4
    init_limit_half_open = 1000
    install_routes = no
    load_modular = yes
    ignore_acquire_ts = yes
    cisco_unity = no
    syslog {
        identifier = charon
        # log everything under daemon since it ends up in the same place regardless with our syslog.conf
        daemon {
            ike_name = yes
            dmn = 1
            mgr = 1
            ike = 2
            chd = 2
            job = 1
            cfg = 2
            knl = 1
            net = 1
            asn = 1
            enc = 1
            imc = 1
            imv = 1
            pts = 1
            tls = 1
            esp = 1
            lib = 1
        }
        # disable logging under auth so logs aren't duplicated
        auth {
            default = -1
        }
    }
    plugins {
        # Load defaults
        include /var/etc/ipsec/strongswan.d/charon/*.conf
        unity {
            load = no
        }
        curve25519 {
            load = yes
        }
        eap-radius {
            load = 2
            class_group = yes
            eap_start = no
            servers {
                radius-wsus {
                    address = x.x.x.x
                    secret = "xxxxxxxxxxxxxxxxxx secret key xxxxxxxxxxxxxxxxxxxxxxxxx"
                    auth_port = 1812
                    acct_port = 1813
                }
            }
        }
        xauth-generic {
            script = /etc/inc/ipsec.auth-user.php
            authcfg = Radius-WSUS
        }
        attr {
            dns = a.a.a.a,b.b.b.b,c.c.c.c
            # Search domain and default domain
            27674 = "mydomain.somewhere"
            27675 = "mydomain.somewhere"
        }
    }
}