IPSec is going down every 24-48 hours help
Hello, I have a big problem. I have 3 places with a pfSense 2.3.2_1 on an APU board.
Place A: Main Building with telephone installation
Place B: Building with telephones connected to the telephone installation at Place A
Place C: Building with telephones connected to the telephone installation at Place A
I created IPSec connections from Place A to B and A to C with this configuration:
Key Exchange v2
Internet Protocol IPv4
Phase 1 AES256
DH Group 14
Phase 2 ESP
PFS key group 14
Everything is fine at the beginning. Tunnel enabled and everyone can talk. After 24 or 48 hours the tunnel is still enabled but no traffic is possible. The only thing is to reboot the firewall. I found some entries today after a new disconnect:
charon: 05[KNL] <con20|4464>unable to query SAD entry with SPI d4631a5b: No such file or directory (2)
charon: 13[KNL] <con1000|4005>unable to query SAD entry with SPI 02376479: No such file or directory (2)
Could someone help me? It's really bad if they can't use the telephones :(
When you say tunnel is enabled,
both phase 1 and 2 show up on each side?
If you kill the tunnel, does it come back up?
What kind of traffic did you try when it doesn't work?
What kind of setup on each side? NAT etc.
If I stop every IPsec connection and restart it, yes. I see phase 1 and 2. Now I can say after 48 hours the VPN connection will crash. Yesterday I got these error messages:
<con2|40> failed to establish CHILD_SA, keeping IKE_SA
After every reboot I have an error message:
Crash report begins. Anonymous machine information:
FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:26:06 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense
Crash report details:
[02-Dec-2016 04:01:23 Europe/Berlin] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/suhosin.so' - /usr/local/lib/php/20131226/suhosin.so: Undefined symbol "ps_globals" in Unknown on line 0
At the moment I fixed my problem with a cron job. Every night at 4 o'clock the firewalls will reboot, but this couldn't be a solution.
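
An added example, not part of any post in this thread: a small Python triage script for the two charon messages quoted above, grouping them by connection name so the affected tunnel, IKE_SA id and SPI can be read off the log when the tunnel stops passing traffic. The sample log (timestamps, hostname and the DPD line included) is constructed from the formats quoted in the posts, and the function and field names are assumptions.

```python
import re
from collections import defaultdict

# charon line shape as quoted in the thread: "charon: 05[KNL] <con20|4464>message"
LINE_RE = re.compile(
    r"charon:\s*(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\]\s*"
    r"<(?P<conn>[^|>]+)\|(?P<ike_id>\d+)>\s*(?P<msg>.*)"
)
SAD_RE = re.compile(r"unable to query SAD entry with SPI (?P<spi>[0-9a-fA-F]{8})")
CHILD_FAIL = "failed to establish CHILD_SA"

# Constructed sample input, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
Dec  2 03:10:01 fw charon: 05[KNL] <con20|4464>unable to query SAD entry with SPI d4631a5b: No such file or directory (2)
Dec  2 03:10:07 fw charon: 13[KNL] <con1000|4005>unable to query SAD entry with SPI 02376479: No such file or directory (2)
Dec  2 03:11:30 fw charon: 09[IKE] <con20|4464> failed to establish CHILD_SA, keeping IKE_SA
Dec  2 03:12:00 fw charon: 11[IKE] <con1000|4005> sending DPD request
Dec  2 03:12:05 fw php-fpm: unrelated line
"""


def triage(log_text):
    """Map connection name -> SPIs missing from the kernel SAD, CHILD_SA failures, IKE_SA ids."""
    report = defaultdict(
        lambda: {"missing_spis": [], "child_sa_failures": 0, "ike_ids": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-connection charon line
        sad = SAD_RE.search(m["msg"])
        child_failed = CHILD_FAIL in m["msg"]
        if not (sad or child_failed):
            continue  # healthy or unrelated charon message
        entry = report[m["conn"]]
        entry["ike_ids"].add(m["ike_id"])
        if sad:
            entry["missing_spis"].append(sad["spi"].lower())
        if child_failed:
            entry["child_sa_failures"] += 1
    return dict(report)


if __name__ == "__main__":
    for conn, info in sorted(triage(SAMPLE_LOG).items()):
        print(conn, "ike_sa", sorted(info["ike_ids"]),
              "missing SPIs", info["missing_spis"],
              "CHILD_SA failures", info["child_sa_failures"])
```
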