Netgate Discussion Forum

    IPsec Random Disconnects

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • Kevin

      We have a site running 2b4 Nov22 on a Soekris net5501-70 with a VPN1411 HiFn crypto card (not using AES Bug #754) that connects to a Sonicwall.  The tunnel breaks at random, on average 2 times per day and sometimes comes up within a minute or may stay down 15 minutes.  I have zero access to the Sonicwall on the other end, but it does have 4 other tunnels coming in all from other Sonicwall devices.

      The admin on the Sonicwall says he sees no errors in the logs on his end and I see none on my end. I have not been able to catch it down. The other IT company I am working with gets the call first and it is always up by the time I get word.

      We have tried with and without DPD. The pfSense book mentions this for troubleshooting.  I have turned on the keep alive ping and set it to the server they are connecting to.

      The other IT company changed the router out to a Sonicwall device yesterday and so far it has not gone down. I have been running m0n0wall to m0n0wall and pfSense to pfSense and pf to m0n0 IPsec tunnels for years without issue.

      We also have another site connecting to a Cisco load balancer and have had zero issues with it.

      Could the IPsec in Sonicwall be slightly non standard?  Could it be a carrier issue? Both sites are using Cable connections from the same carrier and are located within 10 miles.
      Any ideas?

      • jimp Rebel Alliance Developer Netgate

        When the tunnel "breaks" what is its status in the WebGUI? Does it show as active still?

        Have you tried checking "Prefer old IPsec SAs" in the advanced options? I've had to check that quite often when dealing with IPsec devices from other vendors.


        • Kevin

          I do not know; by the time they call me it is back up.

          Thanks Jim. I had forgotten about that option. Will give it a try. We are going to set up a test connection in my lab to the box in question. Just not sure of a good way to monitor it.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.