IPsec tunnel stops forwarding traffic once phase 1 lifetime is reached
-
Hello all,
I guess the subject is quite self-explanatory: once the phase 1 lifetime is reached, the IPsec tunnel is marked up but stops forwarding any kind of traffic.
I'm using AES256, SHA512, DH15 (3072), should that be of importance.
The remote endpoint is AFAIK a strongSwan running on a Linux box. I'm unsure which version and have no access to the server, but I can grab the information given enough time and phone calls.
- Why does that happen?
- Can I instruct pfSense to monitor the tunnel and restart it should that be necessary? (I did configure a ping to a remote host, which does not help. I'm looking for a GUI solution. I can handle scripting but would rather not stick in hacks that may not survive an upgrade.)
- I assume this is a rekeying problem. Any idea how that could be solved?
Thanks for your time.
-
Correcting the above information: lifetimes above 3600 seconds still produce the same error after one hour. I'm thinking upstream network equipment might time out.
I'm currently checking with a smaller phase 1 timer, hoping for better results.