OPNsense Forum

English Forums => Virtual private networks => Topic started by: mmkmiller1 on April 20, 2021, 10:42:04 pm

Title: Tunnel timeouts on OPNsense 21.1-amd64
Post by: mmkmiller1 on April 20, 2021, 10:42:04 pm
I'm new to OPNsense, but have one unit up and running. We have 5 locations with IPsec tunnels running to each of them. Everything is fine until the tunnels start timing out/going to sleep. We are running IP phones, and when a call is made across a sleeping tunnel, the phone rings, and we can pick it up, but we aren't able to talk. The phone system is on a different IP subnet than the data. As I said, all is well when tunnels are up, but I can't figure out how to keep them awake. The OPNsense is connecting to Cisco ASAs on the other ends. It seems like the tunnels do OK for about an hour before they start showing up as yellow in Status Overview.
Title: Re: Tunnel timeouts on OPNsense 21.1-amd64
Post by: Colani1200 on May 28, 2021, 03:30:48 pm
Are you using IKEv2?
Title: Re: Tunnel timeouts on OPNsense 21.1-amd64
Post by: mmkmiller1 on June 01, 2021, 08:25:32 pm
We've tried both IKEv1 and IKEv2. It fails either way. I've tried everything that makes any sense. Have removed firewall from network and reinstalled the ASA it was supposed to be replacing. Even set up a scheduled task to run an nmap connect scan every 15 minutes, and it seemed to keep the tunnels awake, but after a week or so, it was failing again. We think the phones use only UDP.