OPNsense
Author Topic: IPSec Azure Issue 18.1.4  (Read 4730 times)

Aergan
« on: March 12, 2018, 04:52:36 pm »
Hi there,

I upgraded from 18.1.2 through to 18.1.4 and now my IPSec site-to-site tunnel to Azure will no longer work correctly after 15~20 minutes, then results in the following:

Quote
charon: 07[IKE] establishing IKE_SA failed, peer not responding
Mar 12 15:45:27    charon: 07[IKE] giving up after 5 retransmits
Mar 12 15:45:18    charon: 13[CFG] ignoring acquire, connection attempt pending
Mar 12 15:45:18    charon: 14[KNL] creating acquire job for policy x.x.x.x/32 === y.y.y.y/32 with reqid {6}

And connection down.

To get it to reconnect I either have to reboot OPNsense or delete and recreate the connection on Microsoft Azure. Restarting IPsec / disable & reenable does not solve it.

Previously this has been working fine in 17.7 through to 18.1.2.
Connection type is IKEv2.
I've tried both with "Prefer older SA's" enabled and disabled and it seems to have no effect. In an older release of OPNsense I needed to have it enabled but haven't for a long time.
Logged
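
One way to flag the failure signature quoted in the post above when scanning a charon log, as an added example that is not part of the original thread. The function and field names are hypothetical, the sample input is the log excerpt from the post, and messages are grouped by charon thread number, which is an assumption that only holds for short excerpts because thread numbers are reused over time.

```python
import re
from collections import defaultdict

# Optional syslog timestamp, then "charon: <thread>[<subsystem>] <message>".
LINE_RE = re.compile(
    r"^(?:(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+)?"
    r"charon: (?P<thread>\d+)\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$"
)
GIVE_UP_RE = re.compile(r"giving up after (\d+) retransmits")
FAILED = "establishing IKE_SA failed, peer not responding"
PENDING = "ignoring acquire, connection attempt pending"


def summarize(lines):
    """Report IKE_SA setups that timed out and acquires dropped meanwhile.

    Works on logs in either order (the excerpt in the post is newest first).
    """
    by_thread = defaultdict(lambda: {"retransmits": None, "failed": False, "ts": None})
    blocked = 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a charon line
        rec = m.groupdict()
        if rec["sub"] == "IKE":
            entry = by_thread[rec["thread"]]
            gave_up = GIVE_UP_RE.search(rec["msg"])
            if gave_up:
                entry["retransmits"] = int(gave_up.group(1))
                entry["ts"] = rec["ts"] or entry["ts"]
            elif FAILED in rec["msg"]:
                entry["failed"] = True
                entry["ts"] = entry["ts"] or rec["ts"]
        elif rec["sub"] == "CFG" and PENDING in rec["msg"]:
            blocked += 1  # traffic wanted the tunnel while a stuck attempt was pending
    failures = [{"thread": t, **e} for t, e in sorted(by_thread.items())
                if e["failed"] and e["retransmits"] is not None]
    return {"failures": failures, "blocked_acquires": blocked}


# Log excerpt as quoted in the post (addresses already redacted there).
SAMPLE = [
    "charon: 07[IKE] establishing IKE_SA failed, peer not responding",
    "Mar 12 15:45:27    charon: 07[IKE] giving up after 5 retransmits",
    "Mar 12 15:45:18    charon: 13[CFG] ignoring acquire, connection attempt pending",
    "Mar 12 15:45:18    charon: 14[KNL] creating acquire job for policy x.x.x.x/32 === y.y.y.y/32 with reqid {6}",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
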

franco
« Reply #1 on: March 12, 2018, 05:10:50 pm »
Hi,

Can you try again with the older strongSwan?

# opnsense-revert -r 18.1.3 strongswan


Cheers,
Franco

Aergan
« Reply #2 on: March 13, 2018, 01:46:36 am »
That certainly seems to have sorted it. Instantly connected and has remained up so far.

Aergan
« Reply #3 on: March 13, 2018, 08:32:58 am »
Just to confirm, no configuration changes and tunnel is still up and working correctly.

franco
« Reply #4 on: March 14, 2018, 06:36:44 pm »
Hi Aergan,

There is an amendment patch to the recent update we missed during the release process (it takes a day to build all and this didn't flag in our test env).

I'm guessing that's the issue:

https://wiki.strongswan.org/issues/2579

It'll be in 18.1.5 and I'll try to post a test version to make sure before that comes out. Are you on amd64 LibreSSL or OpenSSL?


Cheers,
Franco

Aergan
« Reply #5 on: March 14, 2018, 11:46:10 pm »
Looks about right, reboot sorts it etc. Thanks for finding a probable cause, appreciated.

I'm on OpenSSL

franco
« Reply #6 on: March 22, 2018, 09:51:42 am »
Hey Aergan,

Should be ok now on 18.1.5?


Thanks,
Franco

Aergan
« Reply #7 on: March 22, 2018, 06:30:38 pm »
Hi there, currently testing and so far it's been up for 14 hrs with no issue on 18.1.15. Shall see how it fares after a reboot later on.

franco
« Reply #8 on: March 22, 2018, 09:09:51 pm »
Ok, nice, don't expect any more issues. :)