OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: FingerlessGloves on September 23, 2022, 09:49:52 am

Title: Azure Routed Based IPSec rekey issue
Post by: FingerlessGloves on September 23, 2022, 09:49:52 am
Hi Guys,

I've configured an IPSec S2S tunnel to Azure and I'm having issues at rekey. I've double checked my settings and they all match what they should be set to. We have another IPSec tunnel with the same settings to another Firewall vendor and the settings work fine, so I know there's something not quite right on the OPNsense side.

I've noticed during the rekey I end up getting "integrity check failed" messages in the IPSec log of OPNsense.

I've got the tunnel set up using AES256-GCM for both phase1 and phase2. Luckily the tunnel restarts eventually and the tunnel comes back up for the lifetime of the SAs, then rekey happens, fails and then restarts again after some "integrity check failed" messages. This causes about 2-3 minutes where no traffic passes.

Has anyone got any experience using AES GCM with IPSec to Azure?

I shall attach my OPNsense settings, in case the issue is obvious to someone when they look at them.
Title: Re: Azure Routed Based IPSec rekey issue
Post by: danderson on September 23, 2022, 05:58:35 pm
I've had the same issue with the remote end being a Cisco ASA. I use DPD and it restarts in under a minute, PITA though.
Title: Re: Azure Routed Based IPSec rekey issue
Post by: amichel on September 23, 2022, 11:05:27 pm
Hi,
In my case I use different settings.
In Phase 1 I use "default" as connection method instead of "response only".
In Phase 2 I use SHA256 as hash algorithm, you use none.
My Azure settings are attached. Hope that helps.
Title: Re: Azure Routed Based IPSec rekey issue
Post by: FingerlessGloves on September 25, 2022, 12:01:28 pm
I've changed from AESGCM to AES, to see if that's the problem.
Title: Re: Azure Routed Based IPSec rekey issue
Post by: FingerlessGloves on September 27, 2022, 02:02:55 pm
I've disabled reauth, and so far no rekey issues
Title: Re: Azure Routed Based IPSec rekey issue
Post by: danderson on September 28, 2022, 11:37:05 pm
I'm trying the same, granted my endpoint isn't Azure, it's a Cisco device. But let's see, as it's been crappy to lose the connection so often.