Multiple IPsec Phase2 connections - No link



  • Hello everyone,

    I have the following problem with an IPsec connection on a pfSense:

    Initial situation:

    • 1x phase 1
    • 2x phase 2 (two IP circuits)

    At irregular intervals, Phase 2 builds up several times and a link via the VPN is no longer possible.

    Disconnecting and reconnecting the connection will then bring about a short-term improvement.

    Thanks in advance
    Christian




  • As jimp wrote, set your tunnel to the following modes:

    Side 1: IKEv2, Rekey configured, Reauth disabled, child SA close action set to restart/reconnect
    Side 2: IKEv2, Rekey configured, Reauth disabled, responder only set, child SA close action left at default (clear)

    See also:

    https://redmine.pfsense.org/issues/10176
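
The two-sided settings from the reply above, sketched in strongSwan `swanctl.conf` syntax (pfSense's IPsec is built on strongSwan). This is an added example, not part of the original posts and not pfSense's generated configuration. Connection and child names, subnets and lifetimes are placeholders, addresses, authentication and proposals are left out, and the mapping from the GUI options named in the post to these keys is an assumption.

```conf
# --- Side 1 (initiator): swanctl.conf on the first gateway ---
connections {
    site1-to-site2 {                  # hypothetical connection name
        version = 2                   # IKEv2
        rekey_time = 24h              # IKE SA rekey configured (placeholder lifetime)
        reauth_time = 0s              # reauth disabled
        children {
            net-a {                   # first phase 2 (placeholder subnets)
                local_ts = 10.1.1.0/24
                remote_ts = 10.2.1.0/24
                rekey_time = 1h       # child SA rekey (placeholder lifetime)
                start_action = start  # this side brings the child SA up
                close_action = start  # restart/reconnect when the peer closes it
            }
            net-b {                   # second phase 2 (placeholder subnets)
                local_ts = 10.1.2.0/24
                remote_ts = 10.2.2.0/24
                rekey_time = 1h
                start_action = start
                close_action = start
            }
        }
    }
}

# --- Side 2 (responder only): swanctl.conf on the second gateway ---
connections {
    site2-to-site1 {                  # hypothetical connection name
        version = 2                   # IKEv2
        rekey_time = 24h              # IKE SA rekey configured
        reauth_time = 0s              # reauth disabled
        children {
            net-a {
                local_ts = 10.2.1.0/24
                remote_ts = 10.1.1.0/24
                rekey_time = 1h
                start_action = none   # responder only: never initiates
                close_action = none   # default ("clear" in the post): no action on close
            }
            net-b {
                local_ts = 10.2.2.0/24
                remote_ts = 10.1.2.0/24
                rekey_time = 1h
                start_action = none
                close_action = none
            }
        }
    }
}
```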

