Netgate Discussion Forum

    IPsec to Azure

      embedded

      I configured an IPsec tunnel to Azure. Everything works fine, but after some time, the VPN tunnel closes and does not come up again. Here are the logs:

      
      Nov 4 09:37:17 racoon: []: INFO: IPsec-SA expired: ESP/Tunnel MY.REMOTE.ENDPOINT.IP[500]->MY.LOCAL.ENDPOINT.IP[500] spi=6140023(0x5db077) 
      Nov 4 09:37:16 racoon: []: INFO: IPsec-SA expired: ESP/Tunnel MY.REMOTE.ENDPOINT.IP[500]->MY.LOCAL.ENDPOINT.IP[500] spi=208689881(0xc705ad9) 
      Nov 4 09:36:58 racoon: INFO: purged IPsec-SA proto_id=ESP spi=2619293754.
      Nov 4 09:36:58 racoon: INFO: deleting a generated policy. 
      Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=2273817274(0x8787b2ba) 
      Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=189411489(0xb4a30a1) 
      Nov 4 09:36:58 racoon: WARNING: attribute has been modified. 
      Nov 4 09:36:58 racoon: []: INFO: initiate new phase 2 negotiation: MY.LOCAL.ENDPOINT.IP[500]<=>MY.REMOTE.ENDPOINT.IP[500] 
      Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=2619293754(0x9c1f403a) 
      Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=63260756(0x3c54854) 
      Nov 4 09:36:58 racoon: INFO: no policy found, try to generate the policy : REMOTE.NETWORK[0] LOCAL.NETWORK[0] proto=any dir=in 
      Nov 4 09:36:58 racoon: []: INFO: respond new phase 2 negotiation: MY.LOCAL.ENDPOINT.IP[500]<=>MY.REMOTE.ENDPOINT.IP[500] 
      Nov 4 09:36:22 racoon: INFO: purged IPsec-SA proto_id=ESP spi=2188736496.
      
      

      These entries get logged every 5 seconds. Am I missing something? Should I configure longer Phase 2 lifetimes?
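
An added example, not part of the original post: a small Python triage script for racoon log lines like the ones quoted above. It reports SPIs that were purged or expired within a few seconds of being established, and how many phase 2 negotiations each side started. The function names, the `max_age` threshold and the `year` default are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Log lines copied from the post above (newest first, as posted).
SAMPLE = """\
Nov 4 09:37:17 racoon: []: INFO: IPsec-SA expired: ESP/Tunnel MY.REMOTE.ENDPOINT.IP[500]->MY.LOCAL.ENDPOINT.IP[500] spi=6140023(0x5db077)
Nov 4 09:36:58 racoon: INFO: purged IPsec-SA proto_id=ESP spi=2619293754.
Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=2273817274(0x8787b2ba)
Nov 4 09:36:58 racoon: []: INFO: initiate new phase 2 negotiation: MY.LOCAL.ENDPOINT.IP[500]<=>MY.REMOTE.ENDPOINT.IP[500]
Nov 4 09:36:58 racoon: []: INFO: IPsec-SA established: ESP MY.LOCAL.ENDPOINT.IP[500]->MY.REMOTE.ENDPOINT.IP[500] spi=2619293754(0x9c1f403a)
Nov 4 09:36:58 racoon: []: INFO: respond new phase 2 negotiation: MY.LOCAL.ENDPOINT.IP[500]<=>MY.REMOTE.ENDPOINT.IP[500]
Nov 4 09:36:22 racoon: INFO: purged IPsec-SA proto_id=ESP spi=2188736496.
""".splitlines()

EVENT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) racoon: .*?"
    r"(?:IPsec-SA (established|expired)|(purged) IPsec-SA|(initiate|respond) new phase 2)"
    r"(?:.*?spi=(\d+))?")

def parse(lines, year=2000):
    """Yield (time, kind, spi) oldest first. `year` is an assumption: syslog omits it."""
    for line in reversed(lines):
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            yield ts, m[2] or m[3] or m[4], int(m[5]) if m[5] else None

def short_lived(lines, max_age=5):
    """Map SPI -> seconds alive, for SAs purged/expired within max_age s of setup."""
    born, flagged = {}, {}
    for ts, kind, spi in parse(lines):
        if kind == "established":
            born[spi] = ts
        elif kind in ("purged", "expired") and spi in born:
            age = (ts - born.pop(spi)).total_seconds()
            if age <= max_age:
                flagged[spi] = age
    return flagged

def negotiations(lines):
    """Count phase 2 negotiations by role, keyed 'initiate' / 'respond'."""
    counts = {"initiate": 0, "respond": 0}
    for _, kind, _ in parse(lines):
        if kind in counts:
            counts[kind] += 1
    return counts

if __name__ == "__main__":
    print(short_lived(SAMPLE), negotiations(SAMPLE))
```

On the quoted lines it flags spi=2619293754, which is established and purged in the same second, alongside one initiated and one responded phase 2 negotiation at 09:36:58.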
