Mobile Clients loosing connectivity akter 60 minutes
-
Hi together,
we implemented Mobile Client access with Windows 11 built-In VPN as IKEv2.
Everything works fine, but exactly after 60 minutes, the connectivity gets lost.
No logs on client or PFSense-side that is indicationg the cause of this.
employees must manually reconnect the tunnel to be able to work again.
Lifetimes are set to 10 hours, but this has no effect.Can anyone help?
-
@itBJA said in Mobile Clients loosing connectivity akter 60 minutes:
Mobile Client access with Windows 11 built-In VPN as IKEv2
I googled and found a similar question with at least one reply that seems to point towards a solution.
https://www.reddit.com/r/fortinet/comments/wf0a2m/internet_connection_breaks_every_2030_minutes/So based on this at least, the suggestion would be to check your PFS group settings on clients and pfsense...
-
Well. the Client is Windows-Built in whre you can't change PFS or anything in the frontend, only by Powershell.
I already tried some settings here.
What we did to adapt the settings, is checking the logs on the PF concerning "Received Proposals" and "Configured Proposals" to match them.
But as I understood, the initial PFS Group might be different from a later rekeying, what would be very weird.
I my former company we used this for many years without any issues. -
@itBJA said in Mobile Clients loosing connectivity akter 60 minutes:
But as I understood, the initial PFS Group might be different from a later rekeying, what would be very weird.
That would be wierd, but my understanding is that the initial setup can succeed even if there is a PFS mismatch between the client and server (might even be disabled at the client side). However during later rekey attempts it will certainly fail...