Netgate Discussion Forum

    IPsec tunnel stops forwarding traffic once phase 1 lifetime is reached

    • skullnobrains

      Hello all,

      I guess the subject is quite self-explanatory: once the phase 1 lifetime is reached, the IPsec tunnel is marked up but stops forwarding any kind of traffic.

      I'm using AES256, SHA512, DH15 (3072), should that be of importance.

      The remote endpoint is AFAIK a strongSwan running on a Linux box. I'm unsure which version and have no access to the server, but I can grab the information given enough time and phone calls.

      • Why does that happen?

      • Can I instruct pfSense to monitor the tunnel and restart it should that be necessary? (I did configure a ping to a remote host, which does not help. I'm looking for a GUI solution. I can handle scripting but would rather not stick in hacks that may not survive an upgrade.)

      • I assume this is a rekeying problem. Any idea how that could be solved?

      Thanks for your time.

      • skullnobrains

        Correcting the above information: lifetimes above 3600 seconds still produce the same error after one hour. I'm thinking some upstream network equipment might time out.

        I'm currently checking with a smaller phase 1 timer, hoping for better results.
