Intermittent IPSEC VPN with Fortigate



  • Hello, I have a curious situation.

    I have several IPsec site-to-site tunnels between a Fortigate 800D (headquarters) and, at the other ends (branches), Linux servers and pfSense.
    It worked fine for years, but since last week a very strange problem has arisen.
    Simply put, the tunnels are active, but nothing passes through them: a simple ping does not work, nor does traceroute; it is as if the routing table were lost. If I restart the equipment (Linux and pfSense) it sometimes works again and sometimes not; it is intermittent.
    Looking at the Linux server log, I find this message: "closing expired child_sa", but the tunnel is up.
    On the pfSense, which is in another branch, I saw these messages in the logs:
    "Sep 18 12:44:07 charon 13 [ENC] <1> generating ID_PROT response 0 [SA V V V V]
    Sep 18 12:44:07 charon 13 [NET] <1> sending packet: from 10.2.251.1 [500] to 10.2.251.53 [500] (156 bytes)
    Sep 18 12:44:07 charon 13 [NET] <1> received packet: from 10.2.251.53 [500] to 10.2.251.1 [500] (220 bytes)
    Sep 18 12:44:07 charon 13 [ENC] <1> parsed ID_PROT request 0 [KE In NAT-D NAT-D]
    Sep 18 12:44:07 charon 13 [CFG] <1> candidate "bypasslan", match: 1/1/24 (me / other / ike)
    Sep 18 12:44:07 charon 13 [CFG] <1> candidate "con1000", match: 1/1/3100 (me / other / ike)
    Sep 18 12:44:07 charon 13 [ENC] <1> generating ID_PROT response 0 [KE In NAT-D NAT-D]
    Sep 18 12:44:07 charon 13 [NET] <1> sending packet: from 10.2.251.1 [500] to 10.2.251.53 [500] (236 bytes) "
    Again the tunnel is up, but there is no communication between the ends.

    Anyone have any idea what that might be?

    Appreciate it!
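As an added example (not from the post, and not pfSense or strongSwan code), a small Python triage script for exactly the two symptoms described above: it parses charon log lines in the syslog layout quoted in the post, lists which IKE_SA ids went through IKEv1 main mode (ID_PROT), and flags CHILD_SAs that charon closed as expired without a higher-numbered replacement CHILD_SA being established for the same connection. The sample log lines, connection names, SPIs and timestamps are constructed; the regular expressions assume the pfSense layout shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample log in the pfSense/charon layout from the post.
# con1000 is rekeyed normally (new CHILD_SA {3} established, old {2} closed);
# con2000 has its CHILD_SA {5} closed as expired with no replacement.
SAMPLE_LOG = """\
Sep 18 12:44:07 charon 13 [ENC] <1> generating ID_PROT response 0 [SA V V V V]
Sep 18 12:44:07 charon 13 [NET] <1> sending packet: from 10.2.251.1 [500] to 10.2.251.53 [500] (156 bytes)
Sep 18 12:44:07 charon 13 [NET] <1> received packet: from 10.2.251.53 [500] to 10.2.251.1 [500] (220 bytes)
Sep 18 12:44:07 charon 13 [ENC] <1> parsed ID_PROT request 0 [KE In NAT-D NAT-D]
Sep 18 12:44:07 charon 13 [CFG] <1> candidate "con1000", match: 1/1/3100 (me / other / ike)
Sep 18 12:44:07 charon 13 [ENC] <1> generating ID_PROT response 0 [KE In NAT-D NAT-D]
Sep 18 12:44:07 charon 13 [NET] <1> sending packet: from 10.2.251.1 [500] to 10.2.251.53 [500] (236 bytes)
Sep 18 12:45:10 charon 09 [IKE] <con1000|1> CHILD_SA con1000{3} established with SPIs cafe0001_i cafe0002_o
Sep 18 12:45:40 charon 09 [IKE] <con1000|1> closing expired CHILD_SA con1000{2} with SPIs cafe0003_i cafe0004_o after rekeying
Sep 18 12:46:02 charon 09 [IKE] <con2000|2> closing expired CHILD_SA con2000{5} with SPIs cafe0005_i cafe0006_o
Sep 18 12:46:30 charon 13 [ENC] <3> parsed ID_PROT request 0 [SA V V V V]
Sep 18 12:46:30 charon 13 [ENC] <3> generating ID_PROT response 0 [SA V V V V]
"""

# One charon syslog line: "<timestamp> charon <thread> [<subsystem>] <<sa>> <message>"
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) charon (?P<thread>\d+) '
    r'\[(?P<subsys>[A-Z]+)\] <(?P<sa>[^>]*)> (?P<msg>.*)$'
)
EXPIRED_RE = re.compile(r'closing expired CHILD_SA (?P<conn>\S+?)\{(?P<cid>\d+)\}')
ESTABLISHED_RE = re.compile(r'CHILD_SA (?P<conn>\S+?)\{(?P<cid>\d+)\} established')
ID_PROT_RE = re.compile(r'(parsed|generating) ID_PROT (request|response)')


def parse_line(line):
    """Return a dict of fields for one charon line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # The SA tag is "<1>" before a connection is matched and "<con1000|1>" after;
    # the trailing number is the IKE_SA unique id in both forms.
    entry['ike_id'] = entry['sa'].rsplit('|', 1)[-1]
    return entry


def parse_log(text):
    """Parse all recognisable lines of a log blob, skipping anything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def main_mode_negotiations(entries):
    """IKE_SA ids that went through IKEv1 main mode (ID_PROT) in this log.

    Several distinct ids in a short window mean phase 1 is being renegotiated
    repeatedly, i.e. the tunnel is flapping rather than just rekeying.
    """
    return sorted({e['ike_id'] for e in entries if ID_PROT_RE.search(e['msg'])}, key=int)


def expired_without_replacement(entries):
    """CHILD_SAs closed as expired with no higher-numbered CHILD_SA established.

    On a healthy rekey charon establishes the new CHILD_SA first and closes the
    old one afterwards, so an expiry with no replacement leaves the IKE_SA up
    while no traffic can pass: the 'tunnel up but no ping' symptom.
    Returns (timestamp, connection, child_sa_id) tuples.
    """
    established = defaultdict(set)
    for e in entries:
        m = ESTABLISHED_RE.search(e['msg'])
        if m:
            established[m.group('conn')].add(int(m.group('cid')))
    stale = []
    for e in entries:
        m = EXPIRED_RE.search(e['msg'])
        if not m:
            continue
        conn, cid = m.group('conn'), int(m.group('cid'))
        if not any(c > cid for c in established[conn]):
            stale.append((e['ts'], conn, cid))
    return stale


if __name__ == '__main__':
    entries = parse_log(SAMPLE_LOG)
    print('main-mode negotiations on IKE_SA ids:', main_mode_negotiations(entries))
    for ts, conn, cid in expired_without_replacement(entries):
        print(f'{ts}: {conn}{{{cid}}} expired and was not replaced')
```

Run it against `/var/log/ipsec.log` on the pfSense (or the charon lines from syslog on the Linux peer) instead of `SAMPLE_LOG`; a non-empty result from `expired_without_replacement` on a connection whose IKE_SA is still up is the condition to correlate with the lifetime settings on both ends.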
