Netgate Discussion Forum

    IPSEC Online for 15-20 seconds then needs cycling.

      AuZZZie

      Another frustrating IPSEC problem.

      I have an IPSEC tunnel from my pfSense box at home to my Sonicwall Pro 3060 at the office. Everything has been working fine for 2-3 months. I haven't signed onto my pfSense box in over a month and I also administer the SonicWALL at the other end. No changes have been made.

      I notice today my tunnel is down, so I disable IPSEC and re-enable, the tunnel comes up fine and I can ping nodes on the other end for maybe 15 seconds. Then it goes down. Rinse and repeat and I can ping again, then it goes down. I've confirmed the settings at both ends (despite nothing being changed). I've re-created the profile on the pfSense box.

      Any ideas why randomly the tunnel would keep going down but work for 15-20 seconds every time IPSEC is cycled?

      And yes both ends have been rebooted.

        AuZZZie

        I should clarify. When the tunnel goes "down" pfSense still reports it up. I just can no longer ping anything at the other end.

          jimp Rebel Alliance Developer Netgate

          Under System > Advanced, try to check the option to prefer old IPsec SAs.

          I have to do that with some other devices such as Watchguard Fireboxes or Linksys routers or I see the same behavior.

          Failing that, post the contents of your IPsec log from the initial working tunnel connection to the point where it is dead.

            AuZZZie

            Enabling old IPSec SA did the trick.

            Much appreciated.

            Bit odd I hadn't enabled this for the past 3 months and no issues until recently.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.