Multi Ipsec VPN Problem



  • I use multiple IPsec VPN connections. The problem is that after a certain period the link breaks and the VPN is not re-established.

    2.1-DEVELOPMENT (amd64)



  • You'll need to provide a lot more info:

    Did your IPsec VPNs work well before upgrading to 2.1-DEVEL? (If so, which pfSense version, 1.2.3 or 2.0.1?)

    DPD?
    NAT-T?
    IPsec mobile?
    etc

    Also provide full racoon logs.



  • I previously was using version 2.0.1

    DPD - Disable
    NAT-T - Disable
    IPsec mobile - Enable



  • @itoxygen:

    IPsec mobile - Enable

    Well, perhaps it's a regression due to the patch to fix 1970.


  • Rebel Alliance Developer Netgate

    Still not enough info here.

    You need to post your IPsec logs from when it's failing to reconnect, along with the output of

    setkey -D
    setkey -DP

    From when it's working and when it's not working, for comparison.



  • $ setkey -DP
    192.168.55.0/24[any] 192.168.55.254[any] 255
    in none
    spid=2 seq=11 pid=54024
    refcnt=1
    192.168.15.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/95.x.xx.xx-213.xxx.xxx.xx/unique#16386
    spid=4 seq=10 pid=54024
    refcnt=1
    192.168.5.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16388
    spid=6 seq=9 pid=54024
    refcnt=1
    192.168.6.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xxx.xxx-213.xxx.xxx.xx/unique#16390
    spid=8 seq=8 pid=54024
    refcnt=1
    192.168.8.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/78.xxx.xx.xx-213.xxx.xxx.xx/unique#16392
    spid=10 seq=7 pid=54024
    refcnt=1
    192.168.18.0/24[any] 192.168.55.0/24[any] 255
    in ipsec
    esp/tunnel/81.xxx.xx.xxx-213.xxx.xxx.xx/unique#16394
    spid=12 seq=6 pid=54024
    refcnt=1
    192.168.55.254[any] 192.168.55.0/24[any] 255
    out none
    spid=1 seq=5 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.15.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-95.x.xx.xx/unique#16385
    spid=3 seq=4 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.5.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16387
    spid=5 seq=3 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.6.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xxx.xxx/unique#16389
    spid=7 seq=2 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.8.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-78.xxx.xx.xx/unique#16391
    spid=9 seq=1 pid=54024
    refcnt=1
    192.168.55.0/24[any] 192.168.18.0/24[any] 255
    out ipsec
    esp/tunnel/213.xxx.xxx.xx-81.xxx.xx.xxx/unique#16393
    spid=11 seq=0 pid=54024
    refcnt=1



  • $ setkey -D
    213.xxx.xxx.xx 78.xxx.xx.xx
    esp mode=any spi=3620357127(0xd7ca4407) reqid=16391(0x00004007)
    E: aes-cbc  7686bf77 f62b0396 d41e52d4 65acc363
    A: hmac-sha1  951974a6 81da8068 82e549bb 4d753766 0ff8689b
    seq=0x00000183 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
    diff: 4670(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
    current: 271224(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 387 hard: 0 soft: 0
    sadb_seq=7 pid=18139 refcnt=2
    78.xxx.xx.xx 213.xxx.xxx.xx
    esp mode=tunnel spi=128898573(0x07aed60d) reqid=16392(0x00004008)
    E: aes-cbc  2a1bce17 3cdd25cb b29efca3 b9d46f1d
    A: hmac-sha1  a5f03b30 158f7622 759d231a affa0159 d9bbdf42
    seq=0x00000148 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:04:16 2012 current: Apr 13 17:22:06 2012
    diff: 4670(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:21:41 2012 hard: 0(s) soft: 0(s)
    current: 32597(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 328 hard: 0 soft: 0
    sadb_seq=6 pid=18139 refcnt=1
    213.xxx.xxx.xx 95.x.xx.xx
    esp mode=any spi=81132314(0x04d5fb1a) reqid=16385(0x00004001)
    E: aes-cbc  f7a70af4 58addc1a 584a8e6f 33b8bab4
    A: hmac-sha1  bed0d0fd 37a90867 49efd159 3b5baa6d 631a8627
    seq=0x000012fe replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
    diff: 4851(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 709808(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 4862 hard: 0 soft: 0
    sadb_seq=5 pid=18139 refcnt=2
    95.x.xx.xx 213.xxx.xxx.xx
    esp mode=tunnel spi=223923227(0x0d58cc1b) reqid=16386(0x00004002)
    E: aes-cbc  0b13ac84 23799226 acf6c001 b42c191f
    A: hmac-sha1  9b24e11f 51f58595 1438b99a 874c678e 8f076aae
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:15 2012 current: Apr 13 17:22:06 2012
    diff: 4851(s) hard: 28800(s) soft: 23040(s)
    last:                    hard: 0(s) soft: 0(s)
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 0 hard: 0 soft: 0
    sadb_seq=4 pid=18139 refcnt=1
    213.xxx.xxx.xx 78.xxx.xxx.xxx
    esp mode=any spi=2785857967(0xa60cd1af) reqid=16389(0x00004005)
    E: aes-cbc  2d8f8dc8 fd0edb39 5f487fc3 868cb40c
    A: hmac-sha1  9e7861f2 6db71edb 97c85e2f eeb2d92a 7840d4e5
    seq=0x000042aa replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
    diff: 4852(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 19091504(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 17066 hard: 0 soft: 0
    sadb_seq=3 pid=18139 refcnt=2
    78.xxx.xxx.xxx 213.xxx.xxx.xx
    esp mode=tunnel spi=174727792(0x0a6a2270) reqid=16390(0x00004006)
    E: aes-cbc  e95d38fd 59f37f5d 20d87b10 2994deac
    A: hmac-sha1  51d83dfb 66de3f2e 9a80fc0d 720da3fd 6df1003c
    seq=0x000032e6 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:14 2012 current: Apr 13 17:22:06 2012
    diff: 4852(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:05 2012 hard: 0(s) soft: 0(s)
    current: 3143780(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 13030 hard: 0 soft: 0
    sadb_seq=2 pid=18139 refcnt=1
    213.xxx.xxx.xx 78.xxx.xxx.xxx
    esp mode=any spi=3295792916(0xc471cf14) reqid=16387(0x00004003)
    E: aes-cbc  50de0576 3aa95c37 dba14263 57737455
    A: hmac-sha1  dded9c1f 6b2135a8 60d934a5 a9d7a5a3 3ac9fcb5
    seq=0x00003023 replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
    diff: 4855(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:00 2012 hard: 0(s) soft: 0(s)
    current: 7009560(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 12323 hard: 0 soft: 0
    sadb_seq=1 pid=18139 refcnt=2
    78.xxx.xxx.xxx 213.xxx.xxx.xx
    esp mode=tunnel spi=91025691(0x056cf11b) reqid=16388(0x00004004)
    E: aes-cbc  8f05fb5d 766899c7 ab518e46 e438d3ec
    A: hmac-sha1  e7d8fe13 6e9141d0 b219c538 cd66f662 e88604d3
    seq=0x000031bb replay=4 flags=0x00000000 state=mature
    created: Apr 13 16:01:11 2012 current: Apr 13 17:22:06 2012
    diff: 4855(s) hard: 28800(s) soft: 23040(s)
    last: Apr 13 17:22:03 2012 hard: 0(s) soft: 0(s)
    current: 1495084(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 12731 hard: 0 soft: 0
    sadb_seq=0 pid=18139 refcnt=1


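One way to run the working/not-working comparison requested in the thread, as an added example that is not part of the original posts: it matches each `unique#N` policy in `setkey -DP` output against the `reqid=N` entries in `setkey -D` output and lists the policies that have no mature SA. The sample text is constructed (documentation addresses, key lines left out) and the function names are hypothetical.

```python
import re

# Constructed samples shaped like `setkey -DP` / `setkey -D` output (not the poster's data).
SPD_SAMPLE = """\
192.168.15.0/24[any] 192.168.55.0/24[any] 255
in ipsec
esp/tunnel/198.51.100.7-203.0.113.1/unique#16386
spid=4 seq=2 pid=100
192.168.55.0/24[any] 192.168.15.0/24[any] 255
out ipsec
esp/tunnel/203.0.113.1-198.51.100.7/unique#16385
spid=3 seq=1 pid=100
192.168.18.0/24[any] 192.168.55.0/24[any] 255
in ipsec
esp/tunnel/198.51.100.9-203.0.113.1/unique#16394
spid=12 seq=0 pid=100
"""
SAD_SAMPLE = """\
203.0.113.1 198.51.100.7
esp mode=any spi=1000(0x000003e8) reqid=16385(0x00004001)
seq=0x000012fe replay=4 flags=0x00000000 state=mature
198.51.100.7 203.0.113.1
esp mode=tunnel spi=2000(0x000007d0) reqid=16386(0x00004002)
seq=0x00000000 replay=4 flags=0x00000000 state=mature
"""

def parse_spd(text):
    """Return the ipsec tunnel policies; bypass ('none') entries are skipped."""
    lines, out = [l.strip() for l in text.splitlines()], []
    for i, line in enumerate(lines):
        m = re.fullmatch(r"esp/tunnel/\S+/unique[:#]+(\d+)", line)
        if m and i >= 2:  # selector line and direction line precede the esp line
            src, dst = re.findall(r"(\S+?)\[[^\]]*\]", lines[i - 2])[:2]
            out.append({"dir": lines[i - 1].split()[0], "src": src, "dst": dst, "reqid": int(m[1])})
    return out

def parse_sad(text):
    """Map reqid -> set of SA states seen in the SAD dump."""
    states = {}
    for reqid, state in re.findall(r"reqid=(\d+)\(.*?state=(\w+)", text, re.S):
        states.setdefault(int(reqid), set()).add(state)
    return states

def policies_without_sa(spd_text, sad_text):
    """Policies whose unique reqid has no mature SA, i.e. tunnels not currently up."""
    sad = parse_sad(sad_text)
    return [p for p in parse_spd(spd_text) if "mature" not in sad.get(p["reqid"], ())]

if __name__ == "__main__":
    print(policies_without_sa(SPD_SAMPLE, SAD_SAMPLE))
```

Running it on a capture taken while the tunnels work and again on one taken after they drop shows which networks lost their SAs between the two.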