Netgate Discussion Forum

    Site to Site Dropping

      djnrg787

      So I'm running pfSense 2.2.4 with an IPsec peer on Meraki/Cisco, and every 8 hours during its rekey the connection goes dark. What's even more frustrating is if the peer router is rebooted 4 hours into that 8, it won't rekey until the 8 hours has expired, meaning no connection for 4 more hours unless the IPsec service and the Cisco are rebooted. Per Cisco I'm using P1 main/3DES/SHA1, and P2 didn't matter; it's ESP AES256, which matches the Cisco. Both have the 28800 lifetime P1/P2. I'm at a loss. I thought it was originally due to my pfSense firmware being over a year old, but the problem still exists. Now pfSense is loaded with DPD logs so I can't watch what's happening. I'm about to go back to OpenVPN until this can be fixed; it's keeping me up at night.

        djnrg787

        If it helps any, I'm sure it's similar to the ASA routers. I'm just surprised nobody has any ideas yet.

          brevilo

          during its rekey the connection goes dark

          Same here with 2.2.5 on both ends. Might be related to this one as I'm also seeing multiple SAs…

            cmb

            brevilo: your issue is different, please start your own thread.

            djnrg787: nothing to go on there to suggest anything. What do the IPsec logs on both sides show? Enable DPD on both sides if you haven't already.

              brevilo

              @cmb:

              brevilo: your issue is different, please start your own thread.

              Fair enough. It looks similar to this and I'm gathering logs right now…
