I'm new to OPNsense, but have one unit up and running. We have 5 locations with IPsec tunnels running to each of them. Everything is fine until the tunnels start timing out/going to sleep. We are running IP phones, and when a call is made across a sleeping tunnel, the phone rings, and we can pick it up, but we aren't able to talk. The phone system is on a different IP subnet than the data. As I said, all is well when tunnels are up, but I can't figure out how to keep them awake. The OPNsense is connecting to Cisco ASAs on the other ends. It seems like the tunnels do OK for about an hour before they start showing up as yellow in Status Overview.
Are you using IKEv2?
We've tried both IKEv1 and IKEv2. It fails either way. I've tried everything that makes any sense. Have removed firewall from network and reinstalled the ASA it was supposed to be replacing. Even set up a scheduled task to run an nmap connect scan every 15 minutes, and it seemed to keep the tunnels awake, but after a week or so, it was failing again. We think the phones use only UDP.