Random IPSec disconnects



  • We have 2 VTI IPsec tunnels running from our office to the main location. I have established 2 tunnel connections since we have a dual WAN setup (failover IPsec is NOT working for unknown reasons). Everything else works fine, but sometimes the main tunnel (which is on a dynamic address with dyndns) breaks randomly and I can't bring it up unless I restart the IPsec service on the pfSense which is in the data centre at the main location. Other tunnels that are on the central location (including the backup one at the office, which is on a static public IP) are working. There is traffic over the VPN, quite a lot of it, so I can't say there's nothing going on because it's idle (there's replication going over it). I also get a constant IPsec log on the office pfs when the tunnels are working:

    06[KNL] <con2000|1698> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 in failed, not found


    On the main site there's this log:

    14[IKE] <con5000|3583> establishing CHILD_SA con5000{147656} reqid 5000
    14[IKE] <con5000|3583> inbound CHILD_SA con5000{147656} established with SPIs cbcd8a2c_i cda89a28_o and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0
    14[IKE] <con5000|3583> outbound CHILD_SA con5000{147656} established with SPIs cbcd8a2c_i cda89a28_o and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0
    14[IKE] <con5000|3583> closing CHILD_SA con5000{147593} with SPIs ccb5aa8a_i (380 bytes) cbbc14b6_o (736 bytes) and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0

    And it repeats constantly with different numbers before xx[IKE]; the tunnels are working fine at that moment.



  • me too

