IPSEC tunnel to Fortigate
-
Completely perplexed by this. We have been running a Hyper-V VM for about 2 years now; we have about 20 IPsec tunnels, all of which have been running fine without issue for several months. Running version 2.6 at the moment. We are primarily using FortiGates of varying OS versions, then have a few UniFi devices. Everything has been very stable, then out of the blue 2 days ago no traffic will go over the tunnel; all the other tunnels are fine. There have been 0 changes on pfSense for over 90 days at this point, so not a config issue. This particular tunnel runs to a FortiGate; the tunnel is connected, but not passing traffic. We have another tunnel from the FortiGate that goes to another FortiGate and it works fine.
So far we have replaced the FortiGate and brought the tunnels back online: FortiGate to FortiGate works, pfSense to FortiGate connects but no traffic. We have blown away the config for this particular tunnel, rules and IPsec config, and rebuilt, with the same result. Oh, one other thing: we rebooted the pfSense VM, and still the same issue; however, the next morning the tunnel was working again for about 36 hours and now we are experiencing the same issue.
Not really sure where to look at this point.
Thanks
-
I just took a look at the states and it says
TCP - Source (pfSense) to Destination (FortiGate) - SYN_Sent:Closed
UDP - Source (pfSense) to Destination (FortiGate) - Single:No_Traffic
TCP - Source (pfSense) to Destination (FortiGate) - SYN_Sent:Closed
-
This is super odd, we are connected back and passing traffic out of the blue - could this be some really crazy ISP thing?
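The states quoted earlier in the thread (SYN_Sent:Closed, Single:No_Traffic) each mean pf created a state for an outbound packet from the pfSense side and never saw a reply; a rule block would have created no state at all, so a peer that shows only such states is a path problem (packets not reaching, or not returning from, the far end), not a rule problem. As an added example that is not from the thread, here is a small Python parser over constructed pfctl -ss style lines that flags any remote host toward which every state is one-way; the addresses, interface name and threshold are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of `pfctl -ss` output (not the thread's own data).
# The first three lines mirror the thread's symptom: outbound states toward one
# peer that never get a reply. The last two are healthy states toward another peer.
SAMPLE_STATES = """\
all tcp 10.10.1.20:52114 -> 10.20.5.10:445       SYN_SENT:CLOSED
all udp 10.10.1.20:56012 -> 10.20.5.10:53        SINGLE:NO_TRAFFIC
all tcp 10.10.1.20:52118 -> 10.20.5.10:3389      SYN_SENT:CLOSED
all tcp 10.10.1.20:52201 -> 10.30.8.4:443        ESTABLISHED:ESTABLISHED
all udp 10.10.1.20:5060 -> 10.30.8.4:5060        MULTIPLE:MULTIPLE
"""

# Simple "iface proto src -> dst STATE" form; lines with a NAT hop
# ("src -> nat -> dst") are skipped rather than mis-parsed.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>tcp|udp|icmp)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<state>\S+)$"
)

# pf state pairs meaning "we sent packets, nothing ever came back".
ONE_WAY = {"SYN_SENT:CLOSED", "SINGLE:NO_TRAFFIC"}


@dataclass
class State:
    proto: str
    src: str
    dst: str
    state: str

    @property
    def dst_host(self) -> str:
        return self.dst.rsplit(":", 1)[0]  # strip the port

    @property
    def one_way(self) -> bool:
        return self.state.upper() in ONE_WAY


def parse_states(text: str) -> list:
    """Parse pfctl -ss style lines into State objects, ignoring unmatched lines."""
    out = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            out.append(State(m["proto"], m["src"], m["dst"], m["state"]))
    return out


def blackholed_peers(states: list, threshold: int = 2) -> dict:
    """Map dst host -> count of one-way states, for hosts with at least
    `threshold` one-way states and no healthy (bidirectional) state at all."""
    one_way, healthy = {}, set()
    for s in states:
        if s.one_way:
            one_way[s.dst_host] = one_way.get(s.dst_host, 0) + 1
        else:
            healthy.add(s.dst_host)
    return {h: n for h, n in one_way.items() if n >= threshold and h not in healthy}
```

On a live box the same logic can be fed the output of `pfctl -ss` filtered to the tunnel's remote subnet; a peer that appears only in the result while other peers show healthy states narrows the fault to the path for that one tunnel.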