IPsec Site-to-Site Tunnel Periodically Disconnects/Reconnects
Hello all,
I am attempting to build an IPsec VPN tunnel between an on-site machine and a Microsoft Azure instance. On-site, I have pfSense 2.6 installed on a VM. On the Azure end, I'm running pfSense+ 22.05.
When the tunnel is created, it is sometimes able to connect, at which point it behaves normally for roughly an hour, at which point checking the logs shows that a standard informational request is not returned. The IKEv2 initiator then sends a couple of keep-alive requests which are also not returned. After a few seconds, the instance which had previously been the IKEv2 responder sends an initiation request and attempts to establish an entirely new tunnel. After a period of time, this fails and the tunnel goes down.
After roughly an hour of trying to reconnect, the tunnel comes back up and behaves completely normally, and the cycle repeats itself.
In Phase 1 Settings, I have Lifetime set to 90000, Rekey time to 5000, Reauth Time set to 0, Rand Time set to 4500, and Child SA Close action set to Restart/Reconnect on both ends of the tunnel. For Child SA Start Action, I have played around with both ends being default, or one end being Initiate Only and the other end being Respond Only. With NAT Traversal I've tried both Auto and Force. Neither of these changes seems to have any impact.
If anyone has had any experience with similar behavior in the past, your help would be appreciated greatly.
Here is the specific page from console logs (with [CFG] messages filtered out) pertaining to right before the tunnel collapses:
I'm new to this forum, so if I missed any important context or you have any questions, I should be able to provide relevant details. Thanks!