IPsec tunnel stops forwarding traffic once phase 1 lifetime is reached



  • Hello all,

    I guess the subject is quite self-explanatory: once the phase 1 lifetime is reached, the IPsec tunnel is marked up but stops forwarding any kind of traffic.

    I'm using AES256, SHA512, DH15 (3072), should that be of importance.

    The remote endpoint is, AFAIK, a strongSwan running on a Linux box. I'm unsure which version and have no access to the server, but I can grab the information given enough time and phone calls.

    • Why does that happen?

    • Can I instruct pfSense to monitor the tunnel and restart it should that be necessary? (I did configure a ping to a remote host, which does not help. I'm looking for a GUI solution. I can handle scripting but would rather not stick in hacks that may not survive an upgrade.)

    • I assume this is a rekeying problem. Any idea how that could be solved?

    Thanks for your time.



  • Correcting the above information: lifetimes above 3600 seconds still produce the same error after one hour. I'm thinking a piece of upstream network equipment might time out.

    I'm currently checking with a smaller phase 1 timer, hoping for better results.