IPSEC stops working after a couple hours
-
Hi!
Have a look:
https://firstlook.org/theintercept/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/
…maybe your NSA exploit needs an update...
-
I've been fighting this as well and it just started happening in the 2.2.1-RELEASE update. The connection shows up as connected in the status: IPsec page, but I can't ping the other end, and the other end can't ping me. It seems to happen when the connection gets a second entry in the "Child SA" section. If I expand that entry and delete the bottom entry, the connection immediately comes back and I can ping from both ends of the tunnel again.
I'm not too familiar with how IPsec operates, so I've been trying to muck about with logging to figure out what is happening, but I presume it's some kind of bug given it worked flawlessly on 2.2.
-
Looks like this issue:
https://forum.pfsense.org/index.php?topic=88293.0
It is not yet solved - besides other IPsec issues like this one:
https://forum.pfsense.org/index.php?topic=87946.0
Both issues together are unfortunately a show stopper for IPsec under pfSense. I am glad with OpenVPN: It's stable and easier to configure.
Regards,
Peter
-
I too have this problem using IPsec and the Shrewsoft VPN access manager. Couldn't find a solution either, hope there will be a fix soon.
@pvoigt, I beg to differ, I tried OpenVPN and even though I don't know if there's an easier way to set it up than in the pfSense Wiki guide, I didn't have to create any Certificates / Authorities and copy them to my local pc.
This however may come at the price of not being as secure, but OpenVPN seemed not easy at all to me.
-
I see the same issue on 2.2 and am a bit skeptical about flashing over to 2.2.1 and just downgrading back to 2.1.5 as it's working fine for me.
Tunnel shows that it's online but no ping response. Restarting the service brings everything back up.
-
I'm trying out changing out to IKEv2, as per https://forum.pfsense.org/index.php?topic=90999.0
Will see in a day or so if it's any happier…
-
I've IPSEC running between 6 sites (all pfsense and no issues whatsoever)
What phase 1 and phase 2 settings are you using on both devices?
-
What version are you running? Site to Site Tunnels were rock solid in 2.2, but in 2.2.1 they are causing some of us problems, typically when the re-keying occurs.
-
If you started having rekeying issues with 2.2.1, the fix is here:
https://forum.pfsense.org/index.php?topic=91627.0
-
@cmb:
If you started having rekeying issues with 2.2.1, the fix is here:
https://forum.pfsense.org/index.php?topic=91627.0
That didn't fix it for me.
-
Hi charlien,
does your issue look like this?
https://forum.pfsense.org/index.php?topic=91020.0
Many Phase II tunnels for only a single SA? Phase I established? No data went through?