Netgate Discussion Forum

    IPsec goes down and won't reconnect automatically

    • yaboc

      Hi, I'm having trouble keeping one of our IPsec tunnels connected.
      The remote end is a Cisco firewall, and it connects just fine if I manually click on the reconnect button.

      The last entry in ipsec.log regarding this tunnel is:

      [2.1-RELEASE][admin]: cat /var/log/ipsec.log | grep 1978
      May 18 11:38:00 50pf racoon: INFO: IPsec-SA established: ESP {local_peer_IP}[500]->{remote_peer_IP}[500] spi=261978479(0xf9d796f)
      May 18 12:26:01 50pf racoon: INFO: IPsec-SA expired: ESP/Tunnel {remote_peer_IP}[500]->{local_peer_IP}[500] spi=261978479(0xf9d796f)

      So it's not reconnecting when it's time to renew the expired SA.

      This is what I see in the log when I manually reconnect it, and after that the status stays UP until the next time it's time for SA renewal:

      May 19 11:43:57 racoon: [1978]: INFO: IPsec-SA request for {remote_peer_IP} queued due to no phase1 found.
      May 19 11:43:57 racoon: [1978]: INFO: initiate new phase 1 negotiation: {local_peer_IP}[500]<=>{remote_peer_IP}[500]
      May 19 11:43:57 racoon: INFO: begin Identity Protection mode.
      May 19 11:43:57 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      May 19 11:43:57 racoon: INFO: received Vendor ID: CISCO-UNITY
      May 19 11:43:57 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      May 19 11:43:58 racoon: INFO: received Vendor ID: DPD
      May 19 11:43:58 racoon: [1978]: INFO: ISAKMP-SA established {local_peer_IP}[500]-{remote_peer_IP}[500] spi:941e906fd1393f41:fe79fde55f08c1b0
      May 19 11:43:58 racoon: [1978]: INFO: initiate new phase 2 negotiation: {local_peer_IP}[500]<=>{remote_peer_IP}[500]
      May 19 11:43:58 racoon: [1978]: [{remote_peer_IP}] ERROR: unknown Informational exchange received.
      May 19 11:43:58 racoon: [1978]: INFO: IPsec-SA established: ESP {local_peer_IP}[500]->{remote_peer_IP}[500] spi=248401337(0xece4db9)
      May 19 11:43:58 racoon: [1978]: INFO: IPsec-SA established: ESP {local_peer_IP}[500]->{remote_peer_IP}[500] spi=505892321(0x1e274de1)

      Any info would be appreciated.

      Thanks

      yaboc

      • yaboc

        Fixed it with auto ping host in advanced options in Phase 2. Thanks!
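
Added example (not part of the thread and not Netgate's code): a Python check that scans racoon log lines in the format quoted above and reports periods in which the last IPsec SA for a peer pair expired with no replacement already established. The sample lines are constructed from the thread's log format with documentation addresses in place of the redacted peers; `find_outages` and its `year` argument are names assumed for this example.

```python
import re
from datetime import datetime

# Matches the racoon SA lines quoted in the thread, with or without host / [pid] fields.
SA_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?IPsec-SA (?P<ev>established|expired): "
    r"ESP(?:/Tunnel)? (?P<a>\S+?)\[\d+\]->(?P<b>\S+?)\[\d+\] spi=(?P<spi>\d+)"
)

def find_outages(lines, year=2014):
    """Return (peers, down_at, up_at) for each period with no live SA.

    up_at is None if no new SA appears before the log ends.
    syslog omits the year, so `year` is an assumption supplied by the caller.
    """
    live = {}      # peer pair -> set of SPIs established and not yet expired
    down = {}      # peer pair -> time the last live SA expired
    outages = []
    for line in lines:
        m = SA_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        peers = frozenset((m["a"], m["b"]))    # direction-independent key
        spis = live.setdefault(peers, set())
        if m["ev"] == "established":
            if peers in down:                  # tunnel was down: close the outage
                outages.append((peers, down.pop(peers), ts))
            spis.add(m["spi"])
        else:
            spis.discard(m["spi"])
            if not spis and peers not in down: # nothing was rekeyed before expiry
                down[peers] = ts
    outages += [(p, t, None) for p, t in down.items()]
    return outages

# Constructed sample: the thread's log lines with 192.0.2.1 / 198.51.100.1
# substituted for the redacted local and remote peers.
SAMPLE = """\
May 18 11:38:00 50pf racoon: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.1[500] spi=261978479(0xf9d796f)
May 18 12:26:01 50pf racoon: INFO: IPsec-SA expired: ESP/Tunnel 198.51.100.1[500]->192.0.2.1[500] spi=261978479(0xf9d796f)
May 19 11:43:58 racoon: [1978]: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.1[500] spi=248401337(0xece4db9)
May 19 11:43:58 racoon: [1978]: INFO: IPsec-SA established: ESP 192.0.2.1[500]->198.51.100.1[500] spi=505892321(0x1e274de1)
""".splitlines()

if __name__ == "__main__":
    for peers, down_at, up_at in find_outages(SAMPLE):
        print(sorted(peers), "down", down_at, "up", up_at)
```

A log that begins after an SA was already established can produce a false outage, because the check only knows about SAs it has seen being established.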

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.