Netgate Discussion Forum

    IPSec is going down every 24-48 hours help

      bchristopeit

      Hello, I have a big problem. I have 3 places with a pfSense 2.3.2_1 on an APU board.

      Place A: Main building with telephone installation
      Place B: Building with telephones connected to telephone installation place A
      Place C: Building with telephones connected to telephone installation place A

      I created IPSec connections from Place A to B and A to C with this configuration:

      Key Exchange v2
      Internet Protocol IPv4
      Phase 1 AES256
      SHA256
      DH Group 14
      Lifetime 28800

      Phase 2 ESP
      AES256-GCM
      PFS key group 14
      Lifetime 3600

      Everything is fine at the beginning. Tunnel enabled and everyone can talk. After 24 or 48 hours the tunnel is still enabled but no traffic is possible. The only thing is to reboot the firewall. I found some entries today after a new disconnect:

      charon: 05[KNL] <con20|4464>unable to query SAD entry with SPI d4631a5b: No such file or directory (2)
      charon: 13[KNL] <con1000|4005>unable to query SAD entry with SPI 02376479: No such file or directory (2)

      Could someone help me? It's really bad if they can't use the telephones :(

        jlevesque

        When you say the tunnel is enabled:

        Do both phase 1 and 2 show up on each side?

        If you kill the tunnel, does it come back up?

        What kind of traffic did you try when it doesn't work?

        What kind of setup on each side? NAT etc.

          bchristopeit

          If I stop every IPsec connection and restart it, yes. I see phase 1 and 2. Now I can say after 48 hours the VPN connection will crash. Yesterday I got these error messages:

          <con2|40>failed to establish CHILD_SA, keeping IKE_SA

          After every reboot I have an error message:

          Crash report begins.  Anonymous machine information:

          amd64
          10.3-RELEASE-p9
          FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:26:06 CDT 2016    root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense

          Crash report details:

          PHP Errors:
          [02-Dec-2016 04:01:23 Europe/Berlin] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/suhosin.so' - /usr/local/lib/php/20131226/suhosin.so: Undefined symbol "ps_globals" in Unknown on line 0

          At the moment I fixed my problem with a cron job. Every night at 4 o'clock the firewalls will reboot, but this couldn't be a solution.

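Added example, not part of the thread and not pfSense or strongSwan code: a small triage script that groups the two charon failure messages quoted above by connection, so it is clear which tunnel and which SPI each failure belongs to. The function and pattern names are hypothetical, the third sample line assumes the connection tag reads `<con2|40>`, and the fourth sample line is constructed.

```python
import re
from collections import defaultdict

# Lines 1-3 are the messages quoted in the thread (line 3 assumes the tag is
# <con2|40>); line 4 is constructed to show that unrelated lines are ignored.
SAMPLE_LOG = """\
charon: 05[KNL] <con20|4464>unable to query SAD entry with SPI d4631a5b: No such file or directory (2)
charon: 13[KNL] <con1000|4005>unable to query SAD entry with SPI 02376479: No such file or directory (2)
<con2|40>failed to establish CHILD_SA, keeping IKE_SA
charon: 07[IKE] <con20|4465>constructed line that matches no pattern
"""

# Connection tag as it appears in the quoted lines: <name|number>, then the message.
TAG_RE = re.compile(r"<(?P<conn>[^|>\s]+)\|(?P<num>\d+)>\s*(?P<msg>.*)")

# Hypothetical labels for the two failure messages seen in the thread.
PATTERNS = {
    "sad_query_failed": re.compile(
        r"unable to query SAD entry with SPI (?P<spi>[0-9a-f]{8})"),
    "child_sa_failed": re.compile(r"failed to establish CHILD_SA"),
}


def triage(log_text):
    """Return {connection: [(kind, tag_number, spi_or_None), ...]}."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        tag = TAG_RE.search(line)
        if not tag:
            continue  # no connection tag, nothing to attribute
        for kind, pattern in PATTERNS.items():
            hit = pattern.search(tag["msg"])
            if hit:
                spi = hit.groupdict().get("spi")  # only the SAD message has one
                findings[tag["conn"]].append((kind, int(tag["num"]), spi))
    return dict(findings)


if __name__ == "__main__":
    for conn, events in sorted(triage(SAMPLE_LOG).items()):
        for kind, num, spi in events:
            suffix = f" SPI={spi}" if spi else ""
            print(f"{conn} (tag number {num}): {kind}{suffix}")
```

Run against the firewall's full IPsec log, the same grouping shows whether the failures stay on one connection or spread across both tunnels between reboots.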
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.