IPsec Random Disconnects



  • We have a site running 2b4 Nov22 on a Soekris net5501-70 with a VPN1411 HiFn crypto card (not using AES Bug #754) that connects to a Sonicwall.  The tunnel breaks at random, on average 2 times per day and sometimes comes up within a minute or may stay down 15 minutes.  I have zero access to the Sonicwall on the other end, but it does have 4 other tunnels coming in all from other Sonicwall devices.

    The admin on the Sonicwall says he sees no errors in the logs on his end and I see none on my end.  I have not been able to catch it down.  The other IT company I am working with gets the call first and it is always up by the time I get word.

    We have tried with and without DPD. The pfSense book mentions this for troubleshooting.  I have turned on the keep alive ping and set it to the server they are connecting to.

    The other IT company changed the router out to a Sonicwall device yesterday and so far it has not gone down. I have been running m0n0wall to m0n0wall and pfSense to pfSense and pf to m0n0 IPsec tunnels for years without issue.

    We also have another site connecting to a Cisco load balancer and have had zero issues with it.

    Could the IPsec in Sonicwall be slightly non standard?  Could it be a carrier issue? Both sites are using Cable connections from the same carrier and are located within 10 miles.
    Any ideas?


  • Rebel Alliance Developer Netgate

    When the tunnel "breaks" what is its status in the WebGUI? Does it show as active still?

    Have you tried checking "Prefer old IPsec SAs" in the advanced options? I've had to check that quite often when dealing with IPsec devices from other vendors.



  • I do not know; by the time they call me it is back up.

    Thanks Jim.  I had forgotten about that option.  Will give it a try.  We are going to set up a test connection in my lab to the box in question.  Just not sure of a good way to monitor it.

