Site to Site Dropping



  • So I'm running pfSense 2.2.4 with an IPsec peer on Meraki/Cisco, and every 8 hours during its rekey the connection goes dark. What's even more frustrating is that if the peer router is rebooted 4 hours into that 8, it won't rekey until the 8 hours have expired, meaning no connection for 4 more hours unless the IPsec service and the Cisco are rebooted. Per Cisco I'm using P1 main/3des/sha1, and P2 didn't matter, it's esp aes256 which matches the Cisco; both have the 28800 lifetime P1/P2. I'm at a loss. I thought it was originally due to my pfSense firmware being over a year old, but the problem still exists. Now pfSense is loaded with DPD logs so I can't watch what's happening. I'm about to go back to OpenVPN until this can be fixed; it's keeping me up at night.



  • If it helps any, I'm sure it's similar to the ASA routers. I'm just surprised nobody has any ideas yet.



  • during its rekey the connection goes dark

    Same here with 2.2.5 on both ends. Might be related to this one as I'm also seeing multiple SAs…



  • brevilo: your issue is different, please start your own thread.

    djnrg787: nothing to go on there to suggest anything. What do the IPsec logs on both sides show? Enable DPD on both sides if you haven't already.



  • @cmb:

    brevilo: your issue is different, please start your own thread.

    Fair enough. It looks similar to this and I'm gathering logs right now…

