Mobile IPSec IKEv2 tunnel stops working
-
Hi,
I have an Atom C3758 appliance with pfsense 2.5.0 CE installed and just configured a Mobile IPSec IKEv2 tunnel as outlined in the following document:
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
I am connecting with an iOS device and a macOS device, both on the latest OS versions. I noticed the connection works fine for several seconds or sometimes minutes before it seems to die. It seems to depend on the amount of data transferred, I guess. Some SSH sessions were working fine for minutes, but when I started to surf via the tunnel, or do some file transfer, the connection stopped sending data almost immediately.
When I reconnected the tunnel, the data was flowing again for a short time.
I have MSS Clamping configured on 1360, based on some site-to-site tunnel needs.
I have tried a lot of different settings, and it did not change anything for the dying tunnel. Finally I disabled "Asynchronous Cryptography" and the tunnel was a bit more stable. It took more time before the tunnel was hanging again.
Any ideas?
-
I have found the problem:
https://redmine.pfsense.org/issues/11524
It is related to the combination of AES-NI and P2 SHA256.
Temporary workaround: disable AES-NI
I hope this will be fixed soon!