IPSEC Online for 15-20 seconds then needs cycling.

  • Another frustrating IPSEC problem.

    I have an IPSEC tunnel from my pfSense box at home to my Sonicwall Pro 3060 at the office. Everything has been working fine for 2-3 months. I haven't signed onto my pfSense box in over a month and I also administer the SonicWALL at the other end. No changes have been made.

    I notice today my tunnel is down, so I disable IPSEC and re-enable, the tunnel comes up fine and I can ping nodes on the other end for maybe 15 seconds. Then it goes down. Rinse and repeat and I can ping again, then it goes down. I've confirmed the settings at both ends (despite nothing being changed). I've re-created the profile on the pfSense box.

    Any ideas why the tunnel would randomly keep going down but work for 15-20 seconds every time IPSEC is cycled?

    And yes both ends have been rebooted.

  • I should clarify. When the tunnel goes "down" pfSense still reports it up. I just can no longer ping anything at the other end.

  • Rebel Alliance Developer Netgate

    Under System > Advanced, try to check the option to prefer old IPsec SAs.

    I have to do that with some other devices such as Watchguard Fireboxes or Linksys routers or I see the same behavior.

    Failing that, post the contents of your IPsec log from the initial working tunnel connection to the point where it is dead.

  • Enabling old IPSec SA did the trick.

    Much appreciated.

    Bit odd I hadn't enabled this for the past 3 months and had no issues until recently.
