IPsec not reconnecting after site failure
So I have two sites (main and remote), each with a pfSense box, connected via a site-to-site IPsec tunnel using routed VTI. The main site uses a public static IP but the remote site is behind CGNAT (so a private IP is assigned to the WAN interface). To make the tunnel work, I had to have a DDNS entry for the remote site WAN interface and put that as the peer identifier in the main site IPsec settings. I also had to check "Responder only" in the main site IPsec settings. I have DPD checks on both sides.
So to establish the connection, I have to click the Connect button under Status -> IPsec. After this, if I restart either of the pfSense boxes I don't have any issues with the remote pfSense box reconnecting and re-establishing the IPsec tunnel. The problem is when either site has an Internet outage for, say, more than an hour: the tunnel does not automatically get reconnected. I have to do the manual "Connect" process again under Status -> IPsec.
I also don't use the "automatically ping host" feature in the phase 2 settings on either side because I already have gateway monitoring set up (pinging the IPsec interface IP on the far side). I read somewhere that this does the same thing with routed VTI.
@jimp Any ideas how I can solve the reconnection failure?
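The setup described in the post has one side marked "Responder only", so only the remote (CGNAT) box can ever bring the tunnel back up; DPD and gateway monitoring can detect that it is down, but neither of them re-initiates IKE. The following watchdog is an added example, not the poster's configuration and not a Netgate-provided fix. It is meant to be run from cron on the initiating side and re-initiates the IKE SA when either the SA is missing from `swanctl --list-sas` or the far-side VTI address stops answering pings. The connection name `con1` and the far-side VTI address `10.255.0.1` are assumptions; check `swanctl --list-conns` and the VTI interface address on the real boxes. The ping flags are the FreeBSD ones that pfSense uses.

```shell
#!/bin/sh
# ipsec-watchdog.sh: re-initiate a routed-VTI IPsec tunnel from the initiator side.
# Constructed example for the pfSense/strongSwan (swanctl) IPsec stack.
# Assumptions (adjust to match Status -> IPsec on the real box):
#   CONN     - swanctl connection name of the phase 1 ("con1" assumed)
#   PEER_VTI - the far-side address of the VTI interface ("10.255.0.1" assumed)
CONN="${CONN:-con1}"
PEER_VTI="${PEER_VTI:-10.255.0.1}"
SWANCTL="${SWANCTL:-/usr/local/sbin/swanctl}"

# sa_is_up LISTING
# Returns 0 when LISTING (the output of `swanctl --list-sas`) shows an
# ESTABLISHED IKE SA for $CONN and an INSTALLED CHILD SA under it, else 1.
# The IKE SA line starts in column 0, the CHILD SA lines are indented.
sa_is_up() {
    listing="$1"
    printf '%s\n' "$listing" | grep -q "^${CONN}: .*ESTABLISHED" || return 1
    printf '%s\n' "$listing" | grep -q "^ *${CONN}: .*INSTALLED" || return 1
    return 0
}

# peer_reachable
# Returns 0 when the far-side VTI address answers ICMP (FreeBSD ping: -W is ms).
peer_reachable() {
    ping -c 2 -W 2000 "$PEER_VTI" >/dev/null 2>&1
}

# decide SA_UP PEER_OK
# Both arguments are shell exit statuses (0 = good). Prints "noop" when the
# SA exists and the peer answers, "initiate" otherwise. Re-initiating when the
# SA is present but the peer is silent covers the post-outage case where the
# old SA lingers on one side and DPD has not yet torn it down.
decide() {
    sa_up="$1"
    peer_ok="$2"
    if [ "$sa_up" = 0 ] && [ "$peer_ok" = 0 ]; then
        echo noop
    else
        echo initiate
    fi
}

main() {
    listing="$("$SWANCTL" --list-sas 2>/dev/null || true)"
    if sa_is_up "$listing"; then sa_up=0; else sa_up=1; fi
    if peer_reachable; then peer_ok=0; else peer_ok=1; fi
    action="$(decide "$sa_up" "$peer_ok")"
    if [ "$action" = initiate ]; then
        logger -t ipsec-watchdog "tunnel $CONN down (sa_up=$sa_up peer_ok=$peer_ok), initiating"
        # Equivalent of the Connect button under Status -> IPsec.
        "$SWANCTL" --initiate --ike "$CONN" --timeout 30
    fi
}

# Only act when explicitly asked, so the functions can be sourced or tested.
case "${1:-}" in
    --run) main ;;
esac
```

Install it on the remote box and run it every few minutes from cron, for example `*/5 * * * * /root/ipsec-watchdog.sh --run`. On the responder-only main site the script would be pointless, since `swanctl --initiate` has nothing to initiate towards a peer that cannot be reached by address.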