IPsec tunnels going down and some not coming up again…
-
Seeing som behavior I'd like get some input on…
Running around 30 IPsec tunnels where some of them apparentley are sitting on lines that from time to time can be unstable.
If the tunnel go down, the pfSense doesn't always detect this (in the sense that it is still shown as up in the Status\IPsec.The odd part here is that this problem only occurs when the remote peer is a pfSense device. Other devices are running primarily Zyxel devices, which seems to be able to re-establish the tunnel by themselves, where on the tunnels with both endpoints being pfSense the tunnel has to be forcebly closed to re-establish. Have tried enabling DPD on both sides of the tunnel, but it still exhibits this behavior.
Any suggestions?
-
Turn on DPD on both ends?
-
-
Try setting the "automatically ping host" setting in the pfSense box to a client on the other side of the tunnel. I was having a similar issue and this kept the tunnel alive.