IPsec stability and frequent CHILD_SA CREATE / DELETE
-
We have some problems regarding IPsec stability, and I enabled Split connection. The tunnel seems to be stable now, but the logs are a mess. On the other side is a Barracuda firewall.
It is very hard to get something useful from the IPsec logs, as the firewall fills 16MB of logs in ~5min.
I changed the log location to a remote syslog server to be able to save such an amount of logs. In the logs, lines like the ones below repeat 25 times per second.
How can I know on which side we have the problem, or which lines I should search for?

2020-12-15 18:20:50.7452 charon: 11[NET] <con14000|597506> received packet: from B.B.B.B[500] to A.A.A.A[500] (496 bytes)
2020-12-15 18:20:50.7452 charon: 11[ENC] <con14000|597506> parsed CREATE_CHILD_SA response 188541 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2020-12-15 18:20:50.7452 charon: 11[IKE] <con14000|597506> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
2020-12-15 18:20:50.7479 charon: 11[CFG] <con14000|597506> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
2020-12-15 18:20:50.7479 charon: 11[IKE] <con14000|597506> CHILD_SA con14000{21123940} established with SPIs cb360a07_i 8bf6a151_o and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
2020-12-15 18:20:50.7480 charon: 11[IKE] <con14000|597506> establishing CHILD_SA con14000{21123941} reqid 18
2020-12-15 18:20:50.7509 charon: 11[ENC] <con14000|597506> generating CREATE_CHILD_SA request 188542 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2020-12-15 18:20:50.7510 charon: 11[NET] <con14000|597506> sending packet: from A.A.A.A[500] to B.B.B.B[500] (528 bytes)
2020-12-15 18:20:50.7510 charon: 09[NET] <con14000|597506> received packet: from B.B.B.B[500] to A.A.A.A[500] (96 bytes)
2020-12-15 18:20:50.7510 charon: 09[ENC] <con14000|597506> parsed INFORMATIONAL request 188550 [ D ]
2020-12-15 18:20:50.7511 charon: 09[IKE] <con14000|597506> received DELETE for ESP CHILD_SA with SPI bad3f101
2020-12-15 18:20:50.7511 charon: 09[IKE] <con14000|597506> closing CHILD_SA con14000{21123939} with SPIs cc38056e_i (0 bytes) bad3f101_o (0 bytes) and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
2020-12-15 18:20:50.7512 charon: 09[IKE] <con14000|597506> sending DELETE for ESP CHILD_SA with SPI cc38056e
2020-12-15 18:20:50.7512 charon: 09[IKE] <con14000|597506> CHILD_SA closed
2020-12-15 18:20:50.7513 charon: 09[ENC] <con14000|597506> generating INFORMATIONAL response 188550 [ D ]
2020-12-15 18:20:50.7513 charon: 09[NET] <con14000|597506> sending packet: from A.A.A.A[500] to B.B.B.B[500] (96 bytes)
2020-12-15 18:20:50.7821 charon: 09[NET] <con14000|597506> received packet: from B.B.B.B[500] to A.A.A.A[500] (496 bytes)
2020-12-15 18:20:50.7821 charon: 09[ENC] <con14000|597506> parsed CREATE_CHILD_SA response 188542 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2020-12-15 18:20:50.7821 charon: 09[IKE] <con14000|597506> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
2020-12-15 18:20:50.7847 charon: 09[CFG] <con14000|597506> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
2020-12-15 18:20:50.7847 charon: 09[IKE] <con14000|597506> CHILD_SA con14000{21123941} established with SPIs c487fc04_i a08e5518_o and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
2020-12-15 18:20:50.7847 charon: 09[IKE] <con14000|597506> establishing CHILD_SA con14000{21123942} reqid 18
2020-12-15 18:20:50.7881 charon: 09[ENC] <con14000|597506> generating CREATE_CHILD_SA request 188543 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2020-12-15 18:20:50.7881 charon: 09[NET] <con14000|597506> sending packet: from A.A.A.A[500] to B.B.B.B[500] (528 bytes)
2020-12-15 18:20:50.7881 charon: 11[NET] <con14000|597506> received packet: from B.B.B.B[500] to A.A.A.A[500] (96 bytes)
2020-12-15 18:20:50.7881 charon: 11[ENC] <con14000|597506> parsed INFORMATIONAL request 188551 [ D ]
2020-12-15 18:20:50.7881 charon: 11[IKE] <con14000|597506> received DELETE for ESP CHILD_SA with SPI 8bf6a151
2020-12-15 18:20:50.7882 charon: 11[IKE] <con14000|597506> closing CHILD_SA con14000{21123940} with SPIs cb360a07_i (0 bytes) 8bf6a151_o (0 bytes) and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
2020-12-15 18:20:50.7882 charon: 11[IKE] <con14000|597506> sending DELETE for ESP CHILD_SA with SPI cb360a07
2020-12-15 18:20:50.7882 charon: 11[IKE] <con14000|597506> CHILD_SA closed
2020-12-15 18:20:50.7882 charon: 11[ENC] <con14000|597506> generating INFORMATIONAL response 188551 [ D ]
2020-12-15 18:20:50.7884 charon: 11[NET] <con14000|597506> sending packet: from A.A.A.A[500] to B.B.B.B[500] (96 bytes)
-
pfSense version is: 2.4.5-RELEASE-p1 (amd64)
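Added example, not part of the original post: a small Python summarizer for charon logs in the format shown above, which counts per connection which side sends CREATE_CHILD_SA and DELETE requests and how long each CHILD_SA lived. The function name `summarize` and the counter labels are assumptions chosen for this sketch; the embedded sample consists of five lines copied from the log in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: five lines copied from the log quoted in the post.
SAMPLE = """\
2020-12-15 18:20:50.7479 charon: 11[IKE] <con14000|597506> CHILD_SA con14000{21123940} established with SPIs cb360a07_i 8bf6a151_o and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
2020-12-15 18:20:50.7509 charon: 11[ENC] <con14000|597506> generating CREATE_CHILD_SA request 188542 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2020-12-15 18:20:50.7510 charon: 09[ENC] <con14000|597506> parsed INFORMATIONAL request 188550 [ D ]
2020-12-15 18:20:50.7881 charon: 11[ENC] <con14000|597506> parsed INFORMATIONAL request 188551 [ D ]
2020-12-15 18:20:50.7882 charon: 11[IKE] <con14000|597506> closing CHILD_SA con14000{21123940} with SPIs cb360a07_i (0 bytes) 8bf6a151_o (0 bytes) and TS x.x.x.0/25|/0 === y.y.y.0/28|/0
"""

LINE = re.compile(r"^(\S+ \S+) charon: \d+\[\w+\] <([^|>]+)\|\d+> (.*)$")
# "generating ... request" = sent by this side, "parsed ... request" = sent by the peer.
MSG = re.compile(r"(generating|parsed) (CREATE_CHILD_SA|INFORMATIONAL) request \d+ \[(.*)\]")
EST = re.compile(r"CHILD_SA \S+\{(\d+)\} established")
CLOSE = re.compile(r"closing CHILD_SA \S+\{(\d+)\} with SPIs \S+ \((\d+) bytes\) \S+ \((\d+) bytes\)")

def summarize(text):
    """Return (Counter keyed by (connection, event), list of CHILD_SA lifetimes in seconds)."""
    counts, born, lifetimes = Counter(), {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a charon line in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        conn, body = m.group(2), m.group(3)
        if (r := MSG.search(body)):
            side = "local" if r.group(1) == "generating" else "peer"
            payloads = r.group(3).split()
            # TSi present: the request negotiates a CHILD_SA, not an IKE_SA rekey.
            if r.group(2) == "CREATE_CHILD_SA" and "TSi" in payloads:
                counts[conn, side + "_create_request"] += 1
            elif r.group(2) == "INFORMATIONAL" and "D" in payloads:
                counts[conn, side + "_delete_request"] += 1
        elif (e := EST.search(body)):
            born[conn, e.group(1)] = ts
        elif (c := CLOSE.search(body)):
            start = born.pop((conn, c.group(1)), None)
            if start is not None:
                lifetimes.append((ts - start).total_seconds())
            if c.group(2) == c.group(3) == "0":
                counts[conn, "closed_without_traffic"] += 1
    return counts, lifetimes

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over the full syslog file, the `peer_delete_request` and `local_create_request` counters show which gateway is requesting the deletions and which is requesting new CHILD_SAs, and the lifetimes show how quickly each SA is torn down.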