IPSec is going down every 24-48 hours help
-
Hello, I have a big problem. I have 3 places with a pfsense 2.3.2_1 on a apu board.
Place A: Main Building with telephone installation
Place B: Bulding with telephones connected to telephon installation place a
Place C: Bulding with telephones connected to telephon installation place aI created IPSec connections from Place A to B and A to C with this configuration:
Key Exchange v2
Internet Protocol IPv4
Phase 1 AES256
SHA256
DH Group 14
Lifetime 28800Phase 2 ESP
AES256-CGM
PFS key group 14
Lifetime 3600Everything is fine at the beginning. Tunnel enabled and everyone can talk. After 24 or 48 hours the tunnel is still enabled but no traffic is possible. The only thing is to reboot the firewall. I found some entrys today after a new disconnect:
charon: 05[KNL] <con20|4464>unable to query SAD entry with SPI d4631a5b: No such file or directory (2)
charon: 13[KNL] <con1000|4005>unable to query SAD entry with SPI 02376479: No such file or directory (2)Could someone help me? Its really bad if they can`t use the telephones :(</con1000|4005></con20|4464>
-
when you say tunnel is enabled
both phase 1 and 2 show up on each side?
if you kill the tunnel, does it come back up?
what kind of traffic you tried when it doesn't work?
what kind setup on each side ? NAT etc
-
If I stop every ipsec connection and restart it yes. I see phase 1 and 2. Now I can say after 48 hours the vpn connection will crash. Yesterday I got these error messages:
<con2 40="">failed to establish CHILD_SA, keeping IKE_SA
After every reboot I have a error message:
Crash report begins. Anonymous machine information:
amd64
10.3-RELEASE-p9
FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:26:06 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSenseCrash report details:
PHP Errors:
[02-Dec-2016 04:01:23 Europe/Berlin] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/suhosin.so' - /usr/local/lib/php/20131226/suhosin.so: Undefined symbol "ps_globals" in Unknown on line 0at the moment I fixed my problem with a cron job. Every night at 4 a clock the the firewalls will reboot but this couldn`t be a solution.</con2>