2x Phase 2 not steady



  • Hi together,

I am having kind of a strange issue with all my IPsec tunnels that include 2x networks on Phase 2: after a few hours (I am not sure exactly how long, but it will be a few hours) only one of the two networks is up on the IPsec status page, which of course results in packet loss.

If I check the other side (which is not a pfSense) I can see both phases up, so one of the two Phase 2 networks is only lost on the pfSense side. So far I could figure out that most of the time the first defined Phase 2 is the one not being connected (but this might be a timing problem). If you ask me, I would say the issue starts as soon as my Phase 1 timeout of 86400 seconds is reached.

DPD is enabled. So, summarized: after reconnecting my VPN everything works perfectly for a few hours. After that only one of the two Phase 2 networks will work. My configuration:

    Thanks!



I re-checked the logs and the only suspicious thing I could find was:
    Aug 31 10:11:19 charon: 13[ENC] <con1000|198>received HASH payload does not match
    Aug 31 10:11:19 charon: 13[ENC] <con1000|198>parsed QUICK_MODE request 1411326251 [ HASH SA No KE ID ID ]
    Aug 31 10:11:19 charon: 13[NET] <con1000|198>received packet: from **.236.205[4500] to **.156.19[4500] (300 bytes)

Could this cause the issues? Any other ideas?
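A small log parser, added here as an example and not code from the thread or from pfSense/strongSwan, that groups charon log lines by IKE SA (the `<conn|id>` tag) and attributes a "received HASH payload does not match" line to the Quick Mode request it follows, so the failing Phase 2 negotiation can be pulled out of a long log. The sample lines are constructed (placeholder addresses), modelled on the lines quoted above, and listed oldest-first, the reverse of the order the pfSense log viewer shows.

```python
import re
from collections import defaultdict

# Constructed sample of strongSwan charon log lines (oldest first).
# Addresses are documentation placeholders, not real hosts.
SAMPLE_LOG = """\
Aug 31 10:11:19 charon: 13[NET] <con1000|198> received packet: from 203.0.113.5[4500] to 192.0.2.9[4500] (300 bytes)
Aug 31 10:11:19 charon: 13[ENC] <con1000|198> parsed QUICK_MODE request 1411326251 [ HASH SA No KE ID ID ]
Aug 31 10:11:19 charon: 13[ENC] <con1000|198> received HASH payload does not match
Aug 31 10:11:20 charon: 14[ENC] <con2000|42> parsed QUICK_MODE request 778 [ HASH SA No KE ID ID ]
Aug 31 10:11:20 charon: 14[IKE] <con2000|42> CHILD_SA con2000{3} established
"""

# timestamp, worker thread and log group, <connection|IKE SA id>, message.
# The space after '>' is optional because the forum quote above lacks it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) charon: \d+\[(?P<group>\w+)\] "
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> ?(?P<msg>.*)$"
)


def parse_charon(text):
    """Yield one dict per parseable charon log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def quick_mode_hash_failures(text):
    """Return {connection: [Quick Mode message ids]} whose HASH did not verify.

    Lines are tracked per IKE SA; a HASH mismatch is attributed to the most
    recent QUICK_MODE request parsed on that same SA (or 'unknown' if none).
    """
    last_qm = {}  # (conn, sa) -> last Quick Mode message id seen
    failures = defaultdict(list)
    for rec in parse_charon(text):
        key = (rec["conn"], rec["sa"])
        qm = re.match(r"parsed QUICK_MODE request (\d+)", rec["msg"])
        if qm:
            last_qm[key] = qm.group(1)
        elif rec["msg"].startswith("received HASH payload does not match"):
            failures[rec["conn"]].append(last_qm.get(key, "unknown"))
    return dict(failures)


if __name__ == "__main__":
    print(quick_mode_hash_failures(SAMPLE_LOG))  # {'con1000': ['1411326251']}
```

A connection that shows up here right after its Phase 1 lifetime expires, while its peer still reports both SAs, is the pattern to look for when one of two Phase 2 entries drops.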



  • Is there a reason you're forcing NAT-T? That shouldn't be necessary and could be the reason if you're in a circumstance where NAT-T isn't required.