23.1 Legacy Series / IPsec tunnel not reconnecting after switch maintenance
« on: March 01, 2023, 09:54:39 am »
Hi there,
I made a recent design change to allow the possibility to patch my network switches without interruption.
(https://forum.opnsense.org/index.php?topic=32211.msg155680#msg155680)
So my physical firewall has 2 NICs configured in failover mode in a LAGG, spread on 2 physical switches. So is my Internet router (yeah, double NAT is not ideal, but I have no choice with my provider).
All the interfaces work is done via VLANs & different interfaces.
RSTP is activated on switches so the 2nd link of the router is disabled if the switch number 1 is online.
If I power off or update the switch 1, Internet and all the other things continue to work "as expected", except my IPsec tunnel to another failover site. When the switch comes back online, it doesn't reconnect.
I've tried to restart the IPSEC service, nothing will work unless I restart the firewall. Restarting the firewall or service on remote site doesn't help.
Any idea what could be the issue and how to solve this?
Thanks in advance for your help