Netgate Discussion Forum
    A single IPSec tunnel goes down

MilesDeep

Background: One site keeps falling off the network (IPsec VPN tunnel); people at the branch said the old Watchguard firewall was "hot." Replaced the firewall; it seemed better, but the tunnel still fails from time to time.

      There are quite a few entries in the SAD for this particular tunnel.  After a firewall reboot (at remote site) the tunnel is back up.

      Some log entries (latest first):

      racoon: [Roseville2Longview]: [206.x.x.x] ERROR: notification 32768 received in informational exchange.
      racoon: ERROR: pfkey DELETE received: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1012270089(0x3c560208)
      racoon: ERROR: pfkey DELETE received: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1317536775(0x4e880407)
      racoon: [Corp-to-remote1]: INFO: IPsec-SA established: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1012270988(0x3c560448)

      We changed the ISP recently.  But, when the circuit is down, I can get to the external on the ISP modem/router but not the external on the firewall or, obviously, the internal int.  The connection is lost between the ISP equipment and our firewall.  Could this be a circuit issue or maybe a piece of equipment between the devices?

      Thanks for any help provided.

MilesDeep

        Just an update:  Today I have the following log entries and SEVERAL entries in the SAD table.

        Jan 28 08:24:04 racoon: INFO: unsupported PF_KEY message REGISTER
        Jan 28 08:23:29 racoon: [Roseville2Longview]: [206.x.x.x] ERROR: notification 32768 received in informational exchange.

        Any thoughts are welcome.  Just a thought; if, on the remote firewall, the key expiration is set to 24 hours AND zero kilobytes, will the key constantly be regenerated?  I have always thought not, but…

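A small log check, added here as an example rather than anything from the thread or from Netgate: it parses racoon lines of the three kinds quoted in both posts (IPsec-SA established, pfkey DELETE received, notification received in informational exchange) and reports, per remote peer, SAs that were torn down without a matching establishment in the same window, which is the pattern behind a SAD full of stale entries. The sample log, the peer addresses (RFC 5737 documentation ranges) and the function names are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the racoon lines quoted in the thread; the
# addresses are RFC 5737 documentation ranges, not the poster's real peers.
SAMPLE_LOG = """\
Jan 28 08:24:04 racoon: INFO: unsupported PF_KEY message REGISTER
Jan 28 08:23:29 racoon: [Roseville2Longview]: [198.51.100.7] ERROR: notification 32768 received in informational exchange.
Jan 28 08:23:10 racoon: ERROR: pfkey DELETE received: ESP 192.0.2.10[500]->198.51.100.7[500] spi=1012270089(0x3c560208)
Jan 28 08:23:10 racoon: ERROR: pfkey DELETE received: ESP 192.0.2.10[500]->198.51.100.7[500] spi=1317536775(0x4e880407)
Jan 28 08:22:50 racoon: [Corp-to-remote1]: INFO: IPsec-SA established: ESP 192.0.2.10[500]->198.51.100.7[500] spi=1012270988(0x3c560448)
"""

# One pattern for both SA lifecycle messages; the optional [conn] prefix is the phase name racoon prints.
SA_LINE = re.compile(
    r"racoon: (?:\[(?P<conn>[^\]]+)\]: )?"
    r"(?:INFO: IPsec-SA (?P<est>established)|ERROR: pfkey (?P<dele>DELETE) received)"
    r": ESP (?P<src>[^\s\[]+)\[\d+\]->(?P<dst>[^\s\[]+)\[\d+\] spi=(?P<spi>\d+)"
)
NOTIFY_LINE = re.compile(
    r"racoon: \[(?P<conn>[^\]]+)\]: \[(?P<peer>[^\]]+)\] ERROR: notification (?P<code>\d+) received"
)


def summarize(log_text):
    """Per remote peer: SPIs seen established, SPIs seen deleted, notification codes received."""
    peers = defaultdict(lambda: {"established": set(), "deleted": set(), "notifications": []})
    for line in log_text.splitlines():
        m = SA_LINE.search(line)
        if m:
            key = "established" if m.group("est") else "deleted"
            peers[m.group("dst")][key].add(int(m.group("spi")))
            continue
        n = NOTIFY_LINE.search(line)
        if n:
            peers[n.group("peer")]["notifications"].append(int(n.group("code")))
    return dict(peers)


def unstable_peers(summary, max_deleted=1):
    """Flag peers with more than max_deleted SA teardowns, deleted SPIs that were never
    established in this window (orphaned), or any notification received."""
    result = {}
    for peer, info in summary.items():
        orphaned = info["deleted"] - info["established"]
        if len(info["deleted"]) > max_deleted or orphaned or info["notifications"]:
            result[peer] = {"deleted": len(info["deleted"]), "orphaned_spis": sorted(orphaned),
                            "notifications": sorted(set(info["notifications"]))}
    return result
```

Run over a longer window (e.g. the day's IPsec log), a peer that keeps showing orphaned SPIs and notifications while others stay clean points at the path to that one peer rather than at the local racoon configuration.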
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.