Azure Pfsense IPSEC tunnel to cell carrier - dropped traffic

  • We have a single IPSEC tunnel with multiple phase 2's for different subnets with a carrier provider. Everything is up and working and all 5 phase 2's negotiate and pass traffic. On occasion, around once every 24 hours, one or two of the subnets will stop passing traffic. The only way to restore is to disconnect the phase 2 and it will re-establish and pass traffic. It seems to be random anywhere from 24 to 12 hours where it will stop traffic. They all seem to resolve themselves if I an unable to witness and manually restart the phase 2 connection.

    Specs :

    2.4.4-RELEASE-p3 (amd64)

    Phase 1
    AES 256, SHA 256 DH15
    Lifetme 86400

    Phase 2
    AES 256, SHA 256 PFS key group 15
    Lifetime 3600

    Verified matching on both side and negotiation does not seem to be the issue.

    Is there a pfsense issue that might be causing traffic to stop flowing after a period of time

    I read briefly about an old SA timers bug that was causing issues in earlier versions but i had not seen any issues on 2.4.4-RELEASE-p3.

    Any assistance is greatly appreciated.

Log in to reply