Netgate Discussion Forum
    Two tunnels to same endpoint after brief outage

    Category: IPsec
    keyser (Rebel Alliance):

      Hi.

      I have observed a strange issue on a site-to-site VPN setup I have.
      SG-6100 -> SG-2100 both running 22.05
      One Phase 1 tunnel and one Phase 2 policy. It has been running for months without issues unless there is a brief Internet outage.
      After the outage there will be two tunnels between the boxes, and they will both renew every 10 - 15 sec or so. This fills the IPsec log MASSIVELY, but traffic still flows "unnoticeably" over the tunnel.

      One end is set up using pure default initiation and closure settings (and timers).
      The other end is set up to start the tunnel at startup, and close and reconnect if the tunnel goes down.
      Also, this site has shorter timers, so it will always be this end that times out existing tunnels and reestablishes them.

      Like explained, a short outage can cause two tunnels to continuously reestablish themselves. Both are initiated from the end set up to connect the tunnels.
      This will continue until I manually disconnect one of the tunnels. This stops the renewal every 10-15 sec for the remaining tunnel, and it will stay up/be used/renewed as expected until a new event causes the same circle to start again.

      What can be done to prevent this?

      Love the no fuss of using the official appliances :-)

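The symptom described in the post (two IKE SAs to the same peer, both rekeying every 10-15 seconds, until one is torn down by hand) can be spotted automatically from the IPsec log. The script below is an added example, not code from the post or from pfSense/strongSwan; the log line format it parses (`timestamp event sa-name[instance] peer`) is a constructed simplification, and the `max_rekey_seconds` threshold is an assumption.

```python
"""Flag peers with more than one live IKE SA that also rekey unusually fast.
The log format here is constructed for the example, not the real IPsec log."""
from collections import defaultdict
from datetime import datetime

# Constructed sample: two SAs (con1[1], con1[2]) to one peer rekeying every
# ~12 s, plus a healthy single SA to a second peer.
SAMPLE_LOG = """\
2025-01-10T08:00:00 established con1[1] 203.0.113.20
2025-01-10T08:00:02 established con1[2] 203.0.113.20
2025-01-10T08:00:12 rekeyed con1[1] 203.0.113.20
2025-01-10T08:00:14 rekeyed con1[2] 203.0.113.20
2025-01-10T08:00:25 rekeyed con1[1] 203.0.113.20
2025-01-10T08:00:27 rekeyed con1[2] 203.0.113.20
2025-01-10T08:00:00 established con2[1] 198.51.100.7
"""

def parse(log_text):
    """Turn each non-empty line into (time, event, sa_id, peer)."""
    records = []
    for line in log_text.splitlines():
        if line.strip():
            ts, event, sa, peer = line.split()
            records.append((datetime.fromisoformat(ts), event, sa, peer))
    return records

def analyze(log_text, max_rekey_seconds=60):
    """Return per-peer: live SA count, shortest rekey gap, and a verdict."""
    live = defaultdict(set)      # peer -> IKE SA ids currently established
    last_event = {}              # sa_id -> time of its last establish/rekey
    shortest = {}                # peer -> shortest rekey interval seen (s)
    for ts, event, sa, peer in sorted(parse(log_text)):
        if event == "established":
            live[peer].add(sa)
            last_event[sa] = ts
        elif event == "rekeyed":
            if sa in last_event:
                gap = (ts - last_event[sa]).total_seconds()
                shortest[peer] = min(gap, shortest.get(peer, gap))
            last_event[sa] = ts
        elif event == "deleted":   # a manual disconnect ends the duplicate
            live[peer].discard(sa)
    report = {}
    for peer, sas in live.items():
        gap = shortest.get(peer)
        report[peer] = {"concurrent_sas": len(sas), "shortest_rekey_s": gap,
                        "duplicate_flapping": len(sas) > 1 and gap is not None
                        and gap <= max_rekey_seconds}
    return report

if __name__ == "__main__":
    for peer, info in analyze(SAMPLE_LOG).items():
        print(peer, info)
```

Feeding it a line with `deleted` for one of the duplicate SAs drops the peer back to a single live SA, mirroring what the poster sees after disconnecting one tunnel by hand.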
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.