Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSEC tunnel goes down every day

    IPsec
    1
    3
    37
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MarekORDI last edited by

      A month ago I switched our company's firewalls over to PFSense.

      Everything was working fine for a month until two days ago when IPsec tunnel went down after work hours. I found out about this the next day and tried to get it working again but suddenly the tunnel went up again. The same thing happened the next day. I cannot figure out what the problem is.

      Tunnel is working between around 08:45 - 09:00 to around 17:00 - 17:15 and then refuses to reestablish before 08:45 - 09:00 in the morning.

      Here is the config for ipsec on SITE_A. SITE_B is identical but only IP-s changed.

      conn con1000
    fragmentation = yes
    keyexchange = ikev2
    reauth = yes
    forceencaps = no
    mobike = no

    rekey = yes
    installpolicy = yes
    type = tunnel
    dpdaction = restart
    dpddelay = 10s
    dpdtimeout = 60s

    auto = route
    left = SITE_A_IP
    right = SITE_B_IP
    leftid = SITE_A_IP
    ikelifetime = 28800s
    lifetime = 3600s
    ike = aes256-sha256-modp2048!
    esp = aes256gcm128-sha256-modp2048!
    leftauth = psk
    rightauth = psk
    rightid = SITE_B_IP
    rightsubnet = 192.168.1.1/24
    leftsubnet = 192.168.10.0/24

      Any help would be appreciated.

      M 1 Reply Last reply Reply Quote 0
      • M
        MarekORDI @MarekORDI last edited by

        @MarekORDI

        I will add logs from today's morning. Last connection was successful but before failed.

        IPSEC_log.txt

        1 Reply Last reply Reply Quote 0
        • M
          MarekORDI last edited by

          Found out the cause. ISP was suddenly blocking the connection for no apparent reason.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy