Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN pfSense vs Huawei USG6510E (Site-to-Site) Down

    Scheduled Pinned Locked Moved
    IPsec
    2
    3
    366
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      antonioremigio1
      last edited by

      Good morning guys,

      I have a client that uses the Huawei USG6510E router and we close a Site-to-Site VPN, the problem is that every other day the VPN drops only on my side and I need to delete the VPN configuration, restart the pfSense VPN service and configure again to be able to stabilize.

      Does anyone have the parameters to close the VPN with this Huawei USG6510E router so I can match the configuration we made?

      Below is the configuration used:

      pfSense 2.6.0?

      Phase 1

      IKE Endpoint Configuration:

      Key Exchange version: IKEv2
      Internet Protocol: IPV4
      Interface: WAN
      Phase 1 Proposal (Authentication):

      Authentication Method: Mutual PSK
      My identifier: My IP address
      Peer identifier: Peer IP address
      Pre-Shared Key: XPTO
      Phase 1 Proposal (Encryption Algorithm):

      Encryption Algorithm
      Algorithm: AES
      Key length: 256 bits
      Hash: SHA256
      DH Group: 14 (2048 bit)
      Expiration and Replacement:

      Life Time: 28800
      Rekey Time: "Empty"
      Reauth Time: "Empty"
      Rand Time: "Empty"
      Advanced Options:

      Child SA Start Action: Default
      Child SA Close Action: Restart/Reconnect
      NAT Traversal: Auto
      MOBIKE: Disable
      Gateway duplicates: Unchecked
      Split connections: Unchecked
      PRF Selection: Unchecked
      Custom IKE/NAT-T Ports: "Vaio" and "Vazio"
      Dead Peer Detection: Marked
      Delay: 10
      Max failures: 5
      Phase 2:

      Networks:
      Local Network: LAN subnet
      NAT/BINAT translation: None
      Remote Network: 10.30.0.0 / 23

      Phase 2 Proposal (SA/Key Exchange):

      Protocol: ESP
      Encryption Algorithms: AES128-GCM - 128 bits
      Hash Algorithms: Unchecked (No option checked)
      PFS key group: off
      Expiration and Replacement:

      Life Time: 3600
      Rekey Time: "Empty"
      Rand Time: "Empty"
      Keep Alive:

      Automatically ping host: 10.30.1.1
      Keep Alive: Unchecked.

      Client Side - Huawei USG6510E

      45450161-92cd-4201-b44a-24193af08ef6-image.png

      66de792a-0737-4bb2-a31f-2ffb3299efd6-image.png

      3aa837a1-e5ee-4fa0-a9f6-b364bdb946cd-image.png

      1 Reply Last reply Reply Quote 0
      • N
        NOCling
        last edited by NOCling

        Grow up Log Level, to see what happen with the other site.
        DH 19-21 in P1 and PFS with DH 19-21 in P2.

        There is not Traffic Timeout on pfSense, i would disable this on the other site, if i is unstable.
        You can set tunnel mode to on the other site.

        Netgate 6100 & Netgate 2100

        A 1 Reply Last reply Reply Quote 0
        • A
          antonioremigio1 @NOCling
          last edited by antonioremigio1

          Thank you @NOCling .

          I've tried everything and I still have performance problems and packet loss.

          Now the biggest problem is that after a while or the size of the traffic data, the traffic is lost and the stats = 0.

          I realized that when it reaches 5Mb of traffic data it restarts phase 2 and resets the traffic, not letting it travel anymore. It is necessary to restart the VPN to resume traffic.

          I don't know what else to change to solve this.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post