I have a problem with my S2S VTI tunnel between a FortiGate and an OPNsense.
I used that tutorial:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-conn-route.html
Sometimes the tunnel breaks and then the tunnel does not work any more. I checked the logs and found the following:
2024-02-28T18:24:31 Informational charon 11[CFG] trap not found, unable to acquire reqid 1000
2024-02-28T18:24:31 Informational charon 13[KNL] creating acquire job for policy 144.x.x.x/32 === 80.x.x.x/32 with reqid {1000}
2024-02-28T18:24:19 Informational charon 13[IKE] <....9cb|1> unable to resolve 80.x.x.x/32, initiate aborted
2024-02-28T18:24:19 Informational charon 13[CFG] initiating '....141'
2024-02-28T18:24:19 Informational charon 13[CFG] added vici connection: ...9cb
2024-02-28T18:24:19 Informational charon 15[CFG] loaded IKE shared key with id 'ike-...e01' for: 'SiteA', 'SiteB'
2024-02-28T18:24:19 Informational charon 15[CFG] loaded 0 RADIUS server configurations
2024-02-28T18:24:19 Informational charon 15[CFG] loaded 0 entries for attr plugin configuration
2024-02-28T18:24:19 Informational charon 15[LIB] no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
2024-02-28T18:23:50 Informational charon 15[CFG] loaded IKE shared key with id 'ike-....e01' for: 'SiteA', 'SiteB'
2024-02-28T18:23:49 Informational charon 00[JOB] spawning 16 worker threads
I also checked the logs of the FortiGate; it is only negotiating the IPsec phase 1 and nothing more.
What could the problem be?
Changed the ID and currently I get this message:
2024-02-28T18:39:44 Informational charon 14[IKE] <....bc9cb|3> unable to resolve 80.*.*.*/32, initiate aborted
2024-02-28T18:39:44 Informational charon 06[CFG] received stroke: initiate '.....1b1b141'
2024-02-28T18:39:44 Informational charon 06[IKE] <......8bc9cb|2> unable to resolve 80.*.*.*/32, initiate aborted
Any ideas?
EDIT: Found the problem. Removed the /32 and it worked. I also created everything new, so currently there are no problems and the tunnel is working. Strange, I found logs at the FortiGate trying to connect.
I'll just wait for it to fail again and I will post the logs.
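An added illustration of the clue in the logs above (this is not code from the original posts, from OPNsense or from strongSwan): the line "unable to resolve 80.x.x.x/32, initiate aborted" is charon saying that the remote gateway string is not a valid IP literal, so it hands the whole string, prefix length included, to DNS, which fails. The /32 in the KNL "policy A === B" line is a traffic selector and is normal; only the gateway field must be a bare address or hostname. The script below triages charon lines for exactly this pattern and proposes the bare address. The sample log text and connection name are constructed, with documentation addresses (TEST-NET-2/3) in place of the masked ones from the post.

```python
"""Triage charon (strongSwan) log lines for a remote gateway that was entered
with a CIDR suffix, the misconfiguration behind "unable to resolve X/32"."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample log, modelled on the lines quoted in the post.
# Addresses come from the documentation ranges (TEST-NET-2/3), not from the post.
SAMPLE_LOG = """\
2024-02-28T18:24:31 Informational charon 11[CFG] trap not found, unable to acquire reqid 1000
2024-02-28T18:24:31 Informational charon 13[KNL] creating acquire job for policy 198.51.100.10/32 === 203.0.113.20/32 with reqid {1000}
2024-02-28T18:24:19 Informational charon 13[IKE] <site-b|1> unable to resolve 203.0.113.20/32, initiate aborted
2024-02-28T18:24:19 Informational charon 13[CFG] initiating 'site-b'
2024-02-28T18:23:49 Informational charon 00[JOB] spawning 16 worker threads
"""

# Only the IKE line names the gateway string charon tried to resolve; the KNL
# "policy A === B" line carries traffic selectors, where /32 is legitimate.
UNRESOLVED_RE = re.compile(r"unable to resolve ([^\s,]+), initiate aborted")


def parse_unresolved_targets(log_text: str) -> List[str]:
    """Return every gateway string charon failed to resolve, in log order."""
    return UNRESOLVED_RE.findall(log_text)


def classify_gateway(target: str) -> str:
    """Classify a remote-gateway string: 'ip' (valid literal), 'cidr'
    (address with a prefix length, which the gateway field must not carry),
    or 'hostname' (anything else, which charon hands to DNS)."""
    try:
        ipaddress.ip_address(target)
        return "ip"
    except ValueError:
        pass
    if "/" in target:
        try:
            ipaddress.ip_network(target, strict=False)
            return "cidr"
        except ValueError:
            pass
    return "hostname"


def suggest_fix(target: str) -> Optional[str]:
    """For a CIDR string covering exactly one host (/32 or /128), return the
    bare address that belongs in the gateway field; otherwise None."""
    if classify_gateway(target) != "cidr":
        return None
    net = ipaddress.ip_network(target, strict=False)
    return str(net.network_address) if net.num_addresses == 1 else None


def triage(log_text: str) -> List[Dict[str, Optional[str]]]:
    """One finding per unresolved gateway string, with the likely cause."""
    findings = []
    for target in parse_unresolved_targets(log_text):
        kind = classify_gateway(target)
        if kind == "cidr":
            note = "remote gateway entered with a prefix length; use the bare address"
        elif kind == "hostname":
            note = "DNS lookup of the gateway name failed; check resolver and DNS records"
        else:
            note = "literal address failed to resolve; unexpected, check the log context"
        findings.append({"target": target, "kind": kind,
                         "suggested": suggest_fix(target), "note": note})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['target']}: {f['kind']} -> {f['note']}"
              + (f" (try {f['suggested']})" if f["suggested"] else ""))
```

Run it against a copy of the IPsec log (for example the output of the OPNsense log viewer saved to a file and passed to `triage`); a "cidr" finding points at the remote gateway field of the phase 1 entry, while a "hostname" finding points at DNS resolution on the firewall rather than at the tunnel configuration.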
Hi tramhappert, can you share the configuration? I have an S2S tunnel between an F100 and an OPNsense 24.1.2; when the traffic in the tunnel is high the ping between networks is lost and through monit I restart the tunnel. My configuration is similar to the one from the following link:
https://securitynetworkinglinux.com/2019/04/19/how-create-a-site-to-site-ipsec-vpn-from-an-opnsense-to-a-fortigate-behind-a-nat-router/
but I have the problem when the tunnel traffic increases. I have configured the shaper and I don't know how to solve this problem.