Dual WAN IPsec with VTI flapping after creating interface? - pfSense Azure to Cisco service provider. Help appreciated!
  • We are trying to create dual WAN IPsec tunnels from our Azure pfSense VM to a Cisco service provider. For this, the provider (if connecting to Azure) requires a VTI Phase 2 to be able to communicate BGP routes, for reasons out of our control.

    We have gotten to the point where Phase 1 of both IPsec tunnels runs and is stable.

    Then, when we try to attach the interfaces for IPsec/VTI (Interfaces -> Assignments), it creates ipsec1000 and ipsec2000. Once that occurs, the IPsec/VTI tunnel begins flapping on/off roughly every 60 seconds.

    What's also interesting is that after we create the IPsec/VTI tunnel interface, it doesn't create a firewall interface for the OPT1/OPT2 interfaces. It only shows WAN1, WAN2 and IPsec under the Firewall/Rules settings.

    When our neighbor shuts off Phase 2 on their end, our IPsec tunnels stay active and do not bounce.

    We are seeing a couple of error log entries that seem to stand out.

    querying policy 192.168.255.253/32|/0 === 192.168.255.252/30|/0 in failed, not found
    querying policy 192.168.255.252/30|/0 === 192.168.255.253/32|/0 out failed, not found

    We are also seeing the error: /rc.newipsecdns: The command '/sbin/ifconfig 'ipsec1000' create reqid '1000'' returned exit code '1', the output was 'ifconfig: create: bad value'

    Any help is appreciated!
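The two error types quoted in the post (strongSwan's "querying policy ... failed, not found" lookups and the failed `ifconfig ipsec1000 create reqid` call from /rc.newipsecdns) are the kind of lines worth pulling out of a long IPsec log and laying side by side with the Phase 2 configuration. The script below is an added example written for this thread, not something the poster ran or pfSense ships: it parses those two line shapes, pairs the in/out policy misses, and flags when the two traffic selectors have different prefix lengths (here a /32 on one side and a /30 on the other), which is the first thing to compare against the Phase 2 local/remote definitions on both ends. The sample log text is constructed from the post's own lines; the `charon:` and `php-fpm:` prefixes are assumed and the regexes are written against the quoted messages, so adapt them if your log format differs.

```python
"""Triage helper for pfSense/strongSwan IPsec VTI logs (added example).

Extracts policy-lookup failures and VTI interface creation failures so the
traffic selectors and reqid can be checked against the Phase 2 settings.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample log text modelled on the errors quoted in the post.
# The 'charon:' / 'php-fpm:' process prefixes are assumed, not from the post.
SAMPLE_LOG = """\
charon: querying policy 192.168.255.253/32|/0 === 192.168.255.252/30|/0 in failed, not found
charon: querying policy 192.168.255.252/30|/0 === 192.168.255.253/32|/0 out failed, not found
php-fpm: /rc.newipsecdns: The command '/sbin/ifconfig 'ipsec1000' create reqid '1000'' returned exit code '1', the output was 'ifconfig: create: bad value'
"""

# "querying policy <src>|/<n> === <dst>|/<n> <in|out|fwd> failed, not found"
# The trailing "|/N" after each network is kept out of the capture; only the
# address/prefix is needed for the comparison below.
POLICY_RE = re.compile(
    r"querying policy (?P<src>[\d.]+/\d+)\|/\d+ === (?P<dst>[\d.]+/\d+)\|/\d+ "
    r"(?P<direction>in|out|fwd) failed, not found"
)

# "/sbin/ifconfig 'ipsecNNNN' create reqid 'NNNN'' returned exit code 'N', the output was '...'"
IFCONFIG_RE = re.compile(
    r"/sbin/ifconfig '(?P<iface>ipsec\d+)' create reqid '(?P<reqid>\d+)'' "
    r"returned exit code '(?P<exit_code>\d+)'(?:, the output was '(?P<output>[^']*)')?"
)


@dataclass
class PolicyMiss:
    direction: str   # "in", "out" or "fwd" as printed by strongSwan
    src: str         # first traffic selector (address/prefix)
    dst: str         # second traffic selector (address/prefix)


@dataclass
class VtiCreateFailure:
    iface: str
    reqid: int
    exit_code: int
    output: str


@dataclass
class Triage:
    policy_misses: List[PolicyMiss] = field(default_factory=list)
    vti_failures: List[VtiCreateFailure] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def prefix_len(cidr: str) -> int:
    """Return the prefix length of an 'a.b.c.d/n' string."""
    return int(cidr.rsplit("/", 1)[1])


def triage(log_text: str) -> Triage:
    """Parse IPsec log text and summarise the two error types of interest."""
    result = Triage()
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if m:
            result.policy_misses.append(PolicyMiss(m["direction"], m["src"], m["dst"]))
            continue
        m = IFCONFIG_RE.search(line)
        if m:
            result.vti_failures.append(VtiCreateFailure(
                m["iface"], int(m["reqid"]), int(m["exit_code"]), m["output"] or ""))

    # An 'in' miss prints the selectors as A === B and the matching 'out' miss
    # prints them as B === A; pair them so each selector pair is reported once.
    ins = {(p.src, p.dst) for p in result.policy_misses if p.direction == "in"}
    outs = {(p.dst, p.src) for p in result.policy_misses if p.direction == "out"}
    for a, b in sorted(ins & outs):
        result.notes.append(f"policy missing in both directions: {a} === {b}")
        if prefix_len(a) != prefix_len(b):
            result.notes.append(
                f"selector prefix lengths differ: {a} vs {b}; "
                "compare Phase 2 local/remote definitions on both peers")

    for f in result.vti_failures:
        result.notes.append(
            f"{f.iface} (reqid {f.reqid}) creation failed, exit {f.exit_code}: {f.output}")
    return result


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG).notes:
        print(note)
```

Run it against `clog /var/log/ipsec.log` output (or the IPsec log export from the GUI) instead of `SAMPLE_LOG`; the notes list gives you the selector pair and the reqid to check against each Phase 2 entry and the assigned ipsecNNNN interface.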