Site to Site Dropping
-
So I'm running pfSense 2.2.4 with an IPsec peer on Meraki/Cisco, and every 8 hours during its rekey the connection goes dark. What's even more frustrating is that if the peer router is rebooted 4 hours into that 8, it won't rekey until the 8 hours have expired, meaning no connection for 4 more hours unless the IPsec service and the Cisco are rebooted. Per Cisco I'm using P1 main/3des/sha1, and P2 didn't matter; it's esp aes256, which matches the Cisco. Both have the 28800 lifetime for P1/P2. I'm at a loss. I thought it was originally due to my pfSense firmware being over a year old, but the problem still exists. Now pfSense is loaded with DPD logs, so I can't watch what's happening. I'm about to go back to OpenVPN until this can be fixed. It's keeping me up at night.
-
If it helps any, I'm sure it's similar to the ASA routers. I'm just surprised nobody has any ideas yet.
-
during its rekey the connection goes dark
Same here with 2.2.5 on both ends. Might be related to this one as I'm also seeing multiple SAs…
-
brevilo: your issue is different, please start your own thread.
djnrg787: nothing to go on there to suggest anything. What do the IPsec logs on both sides show? Enable DPD on both sides if you haven't already.
-