Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPsec tunnel disconnects after about 8 hours

    Scheduled Pinned Locked Moved IPsec
    4 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pforum
      last edited by

      Version 2.2.2-RELEASE

      We have several pfSense's setup with IPsec tunnels going to Cisco routers at several different locations.  Not all, but some customers with different routers, different ISPs, different locations, have an issue where when their work day is done the IPsec tunnel seems to disconnect some time overnight, usually around 8 hours after the last shift is done utilizing the connection to the cloud server.

      On a Saturday, it disconnected in the morning and then 8 hours later in the afternoon and then 8 hours later at night.  Obviously dying when the lifetime expires, but that should be the case because the connection is available at all times, assuming the DPD would work correctly.

      A ping from the cloud side brings the tunnel back up, or simply going in and reconnecting it.

      We've confirmed the security, lifetime, etc matches on both ends.

      If anyone has ran into this or has some suggestions of how to make sure the tunnel doesn't disconnect overnight that be great.  Because when workers come in the morning, the connection to their server is down, making for an issue everyday.

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        Because when workers come in the morning, the connection to their server is down, making for an issue everyday.

        try a fresh full install on a separate pfSense box and install please 2.2.5, I think there was an issue
        that got solved in the new version. If you have a spare box laying around I mean!

        1 Reply Last reply Reply Quote 0
        • P
          pforum
          last edited by

          I could test that out. However, we have sites on version 2.1.5-RELEASE as well as 2.2.2-RELEASE where this isn't happening at all.

          There doesn't seem to be anything common among all the sites having the issue.

          I would assume the tunnel would come back up once traffic from the physical side is initiated.  That doesn't seem to happen though.

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            @pforum:

            I could test that out.

            I would be the best as I see it right.

            However, we have sites on version 2.1.5-RELEASE as well as 2.2.2-RELEASE where this isn't happening at all.

            I don´t know about your versions, but here under the link is described what changes are done in IPSec exactly.
            New Features and Changes in pfSense 2.2.5

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.