Netgate Discussion Forum

    Connection drops after ~12h and does not reconnect

      PhYrE

      I've had a Linksys WRV200 VPN router acting as a VPN gateway at an office for some time and four WRV200 VPN routers connecting to it (remote sites).  I have changed one of these to pfSense and while the others continue to work fine, the pfSense one experiences a problem.

      It connects fine, providing great access, speed and so on.  After maybe 12 hours, it disconnects and won't pick it up again.  If I restart IPSec on pfSense, it reconnects and works again for the usual period of time.  It successfully establishes an encryption tunnel with 3des-cbc and hmac-sha1 via ESP; however, as stated, it then drops the connection after some period of time (usually about 12 hours).

      Logs on pfSense show the following four messages repeating without fail once per minute
      racoon: INFO: delete phase 2 handler.
      racoon: [office]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP <removed office IP>[0]->99.247.58.103[0]
      racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
      racoon: INFO: delete phase 2 handler.

      VPN:IPSec:
      Interface: WAN
      Local subnet: LAN subnet
      Remote subnet: 192.168.16.0/24
      Remote Gateway: <removed office IP address>
      Description: office
      Phase 1:
      Negotiation mode: main
      My identifier: My IP address
      Encryption algorithm: 3DES
      Hash algorithm: SHA1
      DH key group: 2
      Lifetime: <blank>
      Authentication Method: pre-shared key
      Pre-shared key: <removed>
      Certificate, key, peer-certificate: <blank>
      Phase 2:
      Protocol: ESP
      Encryption Algorithms: 3DES, Blowfish
      Hash Algorithms: SHA1, MD5
      PFS key group: off
      Lifetime: <blank>
      Keep alive:
      Ping host: <blank>

      WRV200 configuration:
      VPN tunnel: enabled
      Tunnel name: office
      NAT Traversal: disabled
      Local secure group: subnet / 192.168.16.0 / 255.255.255.0
      Remote secure group: any
      Remote secure gateway: any
      Key management:
        Key exchange method: Auto (IKE) [only option]
        Operation mode: Main
        ISA/KMP Encryption Method: Auto
        ISA Authentication Method: MD5 [can't be changed- greyed]
        ISA/KMP DH Group: Group 2 (1024 bits)
        ISA/KMP Key lifetime(s): 28800
        PFS: Disabled
        IPSec Encryption Method: Auto
        IPSec authentication method: MD5 [can't be changed- greyed]
        IPSec key lifetimes: 3600
        Pre-shared key: <removed>
      Tunnel Options:
        Dead peer detection: checked
        Detection delay: 30
        Detection timeout: 120
        DPD Action: Recover connection
        Anti-replay: checked

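Added example, not part of the original post or of pfSense: a Python check that scans racoon log lines for the repeating failure quoted in the post and reports tunnels that are still stuck with no phase 1. The timestamps, the 203.0.113.10 address standing in for the removed office IP, the spi value and the function name are constructed for illustration; treating racoon's "ISAKMP-SA established" line with the same [office] label as the end of a failure run is an assumption.

```python
import re
from datetime import datetime

# The failure line quoted in the post, with a syslog timestamp in front.
FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) racoon: \[(?P<tunnel>[^\]]+)\]: ERROR: "
    r"phase2 negotiation failed due to time up waiting for phase1\. "
    r"ESP (?P<src>[^\[\s]+)\[\d+\]->(?P<dst>[^\[\s]+)\[\d+\]"
)
# Assumption: a completed phase 1 is logged with the same [label] prefix.
UP = re.compile(r"racoon: \[(?P<tunnel>[^\]]+)\]: INFO: ISAKMP-SA established")

def find_stuck_tunnels(lines, min_repeats=3, year=2000):
    """Map tunnel label -> details for tunnels whose phase 2 requests keep
    timing out with no phase 1 re-established since the first failure."""
    runs = {}
    for line in lines:
        up = UP.search(line)
        if up:
            runs.pop(up["tunnel"], None)  # phase 1 is back: the run is over
            continue
        m = FAIL.match(line)
        if not m:
            continue  # other racoon INFO lines carry no tunnel label
        # Syslog timestamps have no year; supply one so they can be parsed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        run = runs.setdefault(m["tunnel"], {"first": ts, "count": 0})
        run.update(last=ts, count=run["count"] + 1,
                   peers=f"{m['src']}->{m['dst']}")
    return {t: r for t, r in runs.items() if r["count"] >= min_repeats}

# Constructed sample: one successful phase 1, then the once-per-minute loop.
SAMPLE = ["Jan 10 03:14:01 racoon: [office]: INFO: ISAKMP-SA established "
          "203.0.113.10[500]-99.247.58.103[500] spi:0123456789abcdef:fedcba9876543210"]
for minute in (20, 21, 22):
    SAMPLE += [
        f"Jan 10 15:{minute}:01 racoon: INFO: request for establishing IPsec-SA "
        "was queued due to no phase1 found.",
        f"Jan 10 15:{minute}:32 racoon: [office]: ERROR: phase2 negotiation failed "
        "due to time up waiting for phase1. ESP 203.0.113.10[0]->99.247.58.103[0]",
        f"Jan 10 15:{minute}:32 racoon: INFO: delete phase 2 handler.",
    ]

if __name__ == "__main__":
    for tunnel, run in find_stuck_tunnels(SAMPLE).items():
        print(f"{tunnel}: {run['count']} phase 2 timeouts since {run['first']} "
              f"({run['peers']}), no phase 1 re-established")
```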