
Author Topic: Multi WAN: IPsec tunnels are being restarted all the time  (Read 3515 times)

fraenki

Multi WAN: IPsec tunnels are being restarted all the time
« on: October 06, 2016, 12:12:30 pm »
Hi,

I've got a Multi WAN setup running for some time now. Unfortunately, if one of the WAN gateways goes down, OPNsense will endlessly restart my IPsec tunnel(s):

Code:
Oct  6 11:49:20 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:49:20 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:49:20 fw1 ipsec_starter[51952]: configuration 'con3' unrouted

Oct  6 11:49:49 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:49:49 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:49:49 fw1 ipsec_starter[51952]: configuration 'con3' unrouted

Oct  6 11:50:08 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:50:08 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:50:08 fw1 ipsec_starter[51952]: configuration 'con3' unrouted

Oct  6 11:50:37 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:50:37 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:50:37 fw1 ipsec_starter[51952]: configuration 'con3' unrouted

I find this rather odd (and annoying)... is this the expected behaviour or does this point to a misconfiguration on my side?

OPNsense 16.7.5-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Thanks
- Frank

fraenki

Re: Multi WAN: IPsec tunnels are being restarted all the time
« Reply #1 on: October 06, 2016, 02:36:00 pm »
Interestingly, if I remove the failed gateway (WAN2GW) from the gateway group there still seems to be a restart loop going on:

Code:
Oct  6 14:30:20 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 14:30:21 fw1 ipsec_starter[51952]: configuration 'con3' unrouted
Oct  6 14:30:21 fw1 ipsec_starter[51952]:
Oct  6 14:30:21 fw1 ipsec_starter[51952]: 'con3' routed
Oct  6 14:30:21 fw1 ipsec_starter[51952]:
Oct  6 14:30:21 fw1 configd.py: [b5b23c94-c5dd-41ff-9417-b0f47cb4d62b] Restarting OpenVPN tunnels/interfaces XXXVPN
Oct  6 14:30:21 fw1 opnsense: /usr/local/etc/rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use XXXVPN.
Oct  6 14:30:21 fw1 configd.py: [9a4ae6f6-9682-4024-9965-6ad70c4ad043] Reloading filter
Oct  6 14:30:24 fw1 configd.py: [f618dfd9-0ab9-4830-b7ec-85bb3ee0668d] updating dyndns XXXVPN
Oct  6 14:30:24 fw1 configd.py: [6e685b11-1e36-40d0-8171-17a480c8c785] Restarting ipsec tunnels

Any ideas?

Regards
- Frank
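
One way to confirm from the system log that this is a loop rather than a one-off refresh, as an added example that is not part of the forum posts or of OPNsense itself: it groups the rc.newipsecdns "Refreshing" events from the first post's log into runs and reports their spacing. The function names and the thresholds `min_events` and `max_gap` are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the first post on this page.
SAMPLE = """\
Oct  6 11:49:20 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:49:20 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:49:20 fw1 ipsec_starter[51952]: configuration 'con3' unrouted
Oct  6 11:49:49 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:49:49 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:49:49 fw1 ipsec_starter[51952]: configuration 'con3' unrouted
Oct  6 11:50:08 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:50:08 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:50:08 fw1 ipsec_starter[51952]: configuration 'con3' unrouted
Oct  6 11:50:37 fw1 opnsense: /usr/local/etc/rc.newipsecdns: IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Oct  6 11:50:37 fw1 opnsense: /usr/local/etc/rc.newipsecdns: MONITOR: WAN2GW is down, removing from routing group GW_FAILOVER
Oct  6 11:50:37 fw1 ipsec_starter[51952]: configuration 'con3' unrouted
"""

REFRESH = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\sopnsense: "
                     r"/usr/local/etc/rc\.newipsecdns: IPSEC: .*Refreshing\.")
GW_DOWN = re.compile(r"MONITOR: (\S+) is down")

def down_gateways(lines):
    """Gateway names that the MONITOR lines report as down."""
    return sorted({m.group(1) for m in map(GW_DOWN.search, lines) if m})

def find_loops(lines, min_events=3, max_gap=60, year=2016):
    """Runs of >= min_events refreshes, each within max_gap seconds of the last."""
    # Thresholds are assumptions; syslog omits the year, so it is passed in.
    times = []
    for m in filter(None, map(REFRESH.match, lines)):
        stamp = " ".join(m.group(1).split())  # collapse the padded day field
        times.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    loops, run = [], []
    for t in times + [None]:  # None flushes the final run
        if run and (t is None or (t - run[-1]).total_seconds() > max_gap):
            if len(run) >= min_events:
                gaps = [int((b - a).total_seconds()) for a, b in zip(run, run[1:])]
                loops.append({"start": run[0], "count": len(run), "gaps": gaps})
            run = []
        if t is not None:
            run.append(t)
    return loops

if __name__ == "__main__":
    log = SAMPLE.splitlines()
    for loop in find_loops(log):
        print(loop["start"], loop["count"], loop["gaps"], down_gateways(log))
```
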