Netgate Discussion Forum

    Random IPSec disconnects

      bbiketa

      We have 2 VTI IPsec tunnels running from our office to the main location. I have established 2 tunnel connections since we have a dual WAN setup (failover IPsec is NOT working for unknown reasons). Everything else works fine, but sometimes the main tunnel (which is on a dynamic address with dyndns) breaks randomly and I can't bring it up unless I restart the IPsec service on the pfSense which is in the data centre at the main location. Other tunnels that are on the central location (including the backup one at the office, which is on a static public IP) are working. There is traffic over the VPN, quite a lot of it, so I can't say there's nothing going on because it's idle (there's replication going over it). I also get a constant IPsec log on the office pfSense when the tunnels are working:

      06[KNL] <con2000|1698> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 in failed, not found

      On main site there's this log:

      14[IKE] <con5000|3583> establishing CHILD_SA con5000{147656} reqid 5000
      14[IKE] <con5000|3583> inbound CHILD_SA con5000{147656} established with SPIs cbcd8a2c_i cda89a28_o and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0
      14[IKE] <con5000|3583> outbound CHILD_SA con5000{147656} established with SPIs cbcd8a2c_i cda89a28_o and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0
      14[IKE] <con5000|3583> closing CHILD_SA con5000{147593} with SPIs ccb5aa8a_i (380 bytes) cbbc14b6_o (736 bytes) and TS 0.0.0.0/0|/0 === 0.0.0.0/0|/0

      And it repeats constantly with different numbers before xx[IKE]; the tunnels are working fine at that moment.

        ccb056

        Me too

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.