[solved] IPSEC/IKEv2 Long Connect Time
-
I have configured IPsec/IKEv2 on my pfSense 2.4.4-RELEASE-p3 to connect from an iPhone with iOS 13.4.1. If I try to establish the VPN connection it takes abbout 35 seconds until the connection is made. Afterwards everything is wortking fine. I tried another iOS device (iPad) with the same result.
I am quite sure that I did not have such long connection times before. However, currently I have no idea what I could have changed.
Does anybode seen that before and can give me a hint where to look?
What config information do you need?
Thanks! -
What shows up in the IPsec log for that entire duration?
-
Hm, the log messages do not start before 30 seconds after I try to connect. So it seems that there is no connection attempt before!?
Could that be because the host name I am using resolves to both an IPv4 and and IPv6 address but my VPN is only reachable via IPv4?
Maybe the iPhone first tries to connct via IPv6 and then, if the server is not answering, then tarts to connect via IPv4? Could that be the case maybe?
-
That could definitely be the case. It sounds like it's the client, and DNS or IPv6 failback would be top suspects.
-
Ok, I just changed the DynDNS host name for my router so that only the A record is give back by DNS and no longer the AAAA record. And it seems that the connection is now fast again... Thanks for pointing me to the right direction. I guess that my mobile provider now give me a IPv6 address as well, so that the iPhone does try that first before falling back to the IPv4 address.