FRR seeing IPsec tunnels disappearing
-
@stephenw10 said in FRR seeing IPsec tunnels disappearing:
do they all resolve IPs? Converse
I have a few IPsec tunnels that are by IP only. I suspect this is being caused every time the it detects a change in the IP when pfsense goes to resolve the name.
-
Yup. Are you able to test that by adding a host override so it always resolves to the same IP?
-
@stephenw10 that’s a good idea. Setting up one now. I’ll observe overnight maybe for a few days.
Have you discussed this internally?
-
Yes, I think we've looked at this from other angles before. Just trying to pin down what's happening. I suspect there are several things open with the same root cause here.
-
Lets give it two days or so. Searching on events
/rc.newipsecdns: IPSEC:i noticed that this occurs either every day or every two days. I think we should know if the host override solves this problem by Wednesday
-
Watching this topic closely, I'm also seeing this behavior.
It seems that BGP plays nicer with Ignore IPsec Restart option than OSPF. -
@stephenw10 I monitored the dns change separately and although it did change because the host override is there the IPsec tunnels never bounced.
It's safe to say the host override suggestion worked.That said, i would like to go back to using DNS for this. What are the next steps to get a fix?
-
This could certainly be handled better. I don't think there's anything else you need to do, though any further details are welcomed. I'll try to take a closer look at this, but it will likely be some time.
-
