Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC tunnel traffic stops working after 1-2 hours after upgrade 2.3.4_p1

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 3 Posters 835 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rbird
      last edited by

      We were running 2.2.5 or 2.2.6. Upgraded to 2.3.4_p1.  About one week after the upgrade the ipsec tunnel started acting up.
      It is connected to a pfsense 2.3.1.  After 1-2 hours the vpn status shows as established but I lose ping to the remote server.  A quick disconnect/connect fixes it but I can't have this happening all the time.

      The 2.3.4_p1 is connected to a pfsense 2.2.5 without issue (good thing since this is the office-to-data center connection).

      Any settings I could change to make this stable?  Or can I schedule a restart of a single ipsec tunnel every 30 minutes? Or should I install the old version and restore from backup?

      Thanks
      Roger

      1 Reply Last reply Reply Quote 0
      • w0wW
        w0w
        last edited by

        Or should you update all you pfSenses to the latest version?  :D
        Why did you update if it was working flawlessly?

        1 Reply Last reply Reply Quote 0
        • G
          greaseball
          last edited by

          @rbird:

          We were running 2.2.5 or 2.2.6. Upgraded to 2.3.4_p1.  About one week after the upgrade the ipsec tunnel started acting up.
          It is connected to a pfsense 2.3.1.  After 1-2 hours the vpn status shows as established but I lose ping to the remote server.  A quick disconnect/connect fixes it but I can't have this happening all the time.

          Thanks
          Roger

          I'm having the same exact problem on one of IPSec tunnels. IKEv1 from my pfSense 2.3.4p1 to an OpenBSD on far end. Traffic works perfectly, then at about 2 hours, all phase 2 traffic stops but the tunnel stays up. It's almost like tunnels are not getting torn down and re-built after a re-key/re-auth. If cycle the tunnel, everything comes back, then at 2 hours nothing. (oddly, all of my IKEv2 tunnels don't have this problem, all of those are pfSense > pfSense). This is a site-to-site IPSec, not a VPC.

          I checked for duplicate routes, and there aren't any. I'm not seeing anything logs pointing to any clues as to why this is happening. I thought this might be related to this issue: https://forum.pfsense.org/index.php?topic=135557.0

          However we're not using OpenBGP (it's not even installed) and we don't have any tunnels to VPC.

          Neither of us are seeing any logs on either side giving us an idea as to why everything would work fine then stop suddenly around the 2 hour mark. Any assist as to how to troubleshoot this would be great. Thank you.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.