Netgate Discussion Forum

    Mobile IPSec IKEv2 tunnel stops working

    • RMB

      Hi,

      I have an Atom C3758 appliance with pfSense 2.5.0 CE installed and just configured a Mobile IPSec IKEv2 tunnel as outlined in the following document:
      https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html

      I am connecting with an iOS device and a macOS device, both on the latest OS versions. I noticed the connection works fine for several seconds or sometimes minutes before it seems to die. It seems to depend on the amount of data transferred, I guess. Some SSH sessions were working fine for minutes, but when I started to surf via the tunnel, or do some file transfer, the connection stopped sending data almost immediately.
      When I reconnect the tunnel the data was flowing again for a short time.

      I have MSS Clamping configured on 1360, based on some site-to-site tunnel needs.
      I have tried a lot of different settings, and it did not change anything for the dying tunnel. Finally I disabled "Asynchronous Cryptography" and the tunnel was a bit more stable. It took more time before the tunnel was hanging again.

      Any ideas?

      • RMB

          I have found the problem:

          https://redmine.pfsense.org/issues/11524

          It is related to the combination of AES-NI and P2 SHA256.

          Temporary workaround: disable AES-NI

          I hope this will be fixed soon!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.