IPsec VPN service stuck after few days



  • Hi Guys,

    One week back I updated the pfSense firmware to 2.2.4, and we have noticed that after 3 or 4 days the VPN disconnects with some sites. When we try to stop or start the service, it's now working. After rebooting the pfSense, all sites work fine with the VPN.

    If you have any suggestions, please share them with me.

    Thanks

    Manoj



  • One week back I updated the pfSense firmware to 2.2.4, and we have noticed that after 3 or 4 days the VPN disconnects with some sites.

    Rebooting, a new install and/or upgrading mostly comes with so-called "by side" effects!
    If you were not creating a /boot/loader.conf.local and storing there all the tunings and pimps you made,
    they will more or less all be gone after an upgrade, fresh install or tiny reboot!

    When we try to stop or start the service, it's now working.

    Now working or not working?

    After rebooting the pfSense, all sites work fine with the VPN.

    Is there any lease time in this VPN game set up by you in the past?

    If you have any suggestions, please share them with me.

    What kind of hardware are you using?
    Did you set up a lease time for the VPN tunnel?



  • I've been reporting the same problem since 2.2.3. Restarting IPsec and apinger does not solve the problem. I just reboot pfSense every couple of days. I have an unstable connection that goes down for a few seconds/minutes frequently and that seems to be the cause. When the connection is fairly stable IPsec will stay up for several days; when the connection is flaky IPsec stops after just a day or two. Until now no one else has reported the same problem - so I'm glad I'm not the only one.



  • @BlueKobold:

    Hi Mate,

    I am using the below hardware:

    Version 2.2.4-RELEASE (i386)
    built on Sat Jul 25 19:56:41 CDT 2015
    FreeBSD 10.1-RELEASE-p15

    You are on the latest version.
    Platform nanobsd (4g)
    NanoBSD Boot Slice pfsense0 / ada0s1 (ro)
    CPU Type Intel(R) Atom(TM) CPU D525 @ 1.80GHz
    4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads
    Uptime 3 Days 00 Hour 14 Minutes 09

    and the firewall has been updated

    Thanks



  • @manoj_4765:

    Yes, after rebooting the firewall it's working fine for 2 or 3 days.

    Thanks



  • @manoj_4765:

    At the same time I checked the firewall logs and the logs were like this (note: in the meantime only one site's VPN is not working and the other sites' VPNs are working fine, and in the meantime racoon start and stop is not working):

    php-fpm[80091]: /rc.newipsecdns: WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration.

    Thanks


  • Banned

    @manoj_4765:

    One week back I updated the pfSense firmware to 2.2.4, and we have noticed that after 3 or 4 days the VPN disconnects with some sites. When we try to stop or start the service, it's now working. After rebooting the pfSense, all sites work fine with the VPN.

    Tell us something new, perhaps? Exact reason why I moved everything to OpenVPN; after some 4 months, I have yet to hear a single complaint about tunnel being down (when internet is working).

    Been this way ever since 2.2; don't have time to debug this shit.



  • I don't mind taking the time to debug. But so much stuff is spewed into the log that I have been unable to find anything that hints at the problem. Chris has had access to my system since 2.2 and I don't think he has had any more luck identifying the problem. I have 17 VPN connections but they are all for my use, and I have backup OpenVPN connections as well so I can "afford" to keep looking for a solution, but it is a pain to reboot pfSense every couple of days (and it wreaks havoc with my Zabbix monitoring). The 17 end points have various IPsec connections between them, but I have left them all running 2.1.3 until IPsec is working reliably (or I give up and convert all the tunnels to OpenVPN).
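
Added example, not part of any post in this thread: a small log triage script for the two problems raised above, the aggressive-mode PSK warning quoted from the firewall log and the volume of log output that hides anything useful. It collapses repeated messages into counted patterns and pulls out every line carrying that warning. Only the php-fpm line is taken from the thread; the charon lines, addresses and PIDs are constructed sample input and their wording is an assumption.

```python
import re
from collections import Counter

# Option name copied verbatim from the warning quoted in the thread.
AGGRESSIVE_PSK = "i_dont_care_about_security_and_use_aggressive_mode_psk"

LINE_RE = re.compile(r"^(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\b\d+\b")

# Constructed sample log. Line 4 is the warning from the thread; the rest
# is illustrative noise, not output captured from a real system.
SAMPLE_LOG = """\
charon[4021]: 10[IKE] sending DPD request to 198.51.100.7
charon[4021]: 11[IKE] sending DPD request to 198.51.100.7
charon[4021]: 12[IKE] sending DPD request to 203.0.113.9
php-fpm[80091]: /rc.newipsecdns: WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration.
charon[4021]: 13[IKE] giving up after 5 retransmits
charon[4021]: 14[IKE] sending DPD request to 198.51.100.7
"""


def normalise(msg):
    """Replace addresses and counters so repeated messages share one pattern."""
    msg = IP_RE.sub("<ip>", msg)
    return NUM_RE.sub("<n>", msg)


def triage(text):
    """Return (pattern counts, list of (line number, process) for the PSK warning)."""
    counts = Counter()
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in "proc[pid]: message" form
        if AGGRESSIVE_PSK in m["msg"]:
            findings.append((lineno, m["proc"]))
            continue
        counts[(m["proc"], normalise(m["msg"]))] += 1
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for lineno, proc in findings:
        print(f"line {lineno}: {proc} reports aggressive mode with PSK enabled")
    for (proc, pattern), n in counts.most_common():
        print(f"{n:5d}  {proc}: {pattern}")
```

Rare patterns at the bottom of the count list are usually the place to start reading; the flagged warning points at a phase 1 entry that could be moved to main mode or certificate authentication.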