OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: xofer on February 22, 2017, 01:44:53 pm

Title: 17.1.1 ipsec reneg delays
Post by: xofer on February 22, 2017, 01:44:53 pm
I have configured site-to-site IPsec from one OPNsense to another and clients have intermittent connection issues through the connection. At some point the tunnel drops and renegotiation is not successful for several minutes.

Going through the log, I stumbled upon this:
peer A:
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----


peer B:
Feb 22 14:30:02 peerB charon: 12[IKE] received 2 cert requests for an unknown ca

IPsec negotiation succeeds 2 minutes(!) later.

The strange thing is that IPsec is configured to use Mutual PSK, not certificates. The certificates in question are used for OpenVPN clients on peer A.


Why does IPsec use these certificates at all?
Am I right to suspect that this is the cause of the delay, namely that one peer tries to authenticate using these CAs?
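The post above pins the delay down by reading two timestamps off the charon log by hand. The script below is an added example, not part of the original post and not OPNsense or strongSwan code: it parses syslog-style charon lines of the form shown in the post, opens a timing window on the first cert-request message a host logs ("sending cert request for ..." or "received N cert requests for an unknown ca"), closes it on that host's next "IKE_SA ... established" line, and flags renegotiations that took longer than a threshold. The sample log is constructed: the "established" line imitates strongSwan's normal success message but the connection name `con1`, the addresses and the certificate subject are made up, and the year 2017 is assumed because syslog timestamps carry none.

```python
"""Measure IKE renegotiation delay from strongSwan charon syslog lines.

Added example; not from the forum post, OPNsense or strongSwan. The sample
log below is constructed (connection name, addresses and CA subject are
invented) and the syslog year is assumed to be 2017.
"""
import re
from datetime import datetime

# Syslog prefix as seen in the post: "Feb 22 14:30:02 peerA charon: 06[IKE] <message>"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) charon: (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$"
)

# Messages that open a timing window: the cert-request exchange the post quotes.
START_PATTERNS = (
    re.compile(r"^sending cert request for "),
    re.compile(r"^received \d+ cert requests? for an unknown ca$"),
)
# strongSwan's normal IKE_SA success message (connection name is whatever was configured).
ESTABLISHED_RE = re.compile(r"^IKE_SA \S+ established between ")

# Constructed sample: both peers stall for 2 minutes once, then peerB renegotiates quickly.
SAMPLE_LOG = """\
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for "C=XX, O=Constructed, CN=Example CA 1"
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for "C=XX, O=Constructed, CN=Example CA 2"
Feb 22 14:30:02 peerB charon: 12[IKE] received 2 cert requests for an unknown ca
Feb 22 14:30:03 peerA sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 51022
Feb 22 14:32:02 peerA charon: 08[IKE] IKE_SA con1[1] established between 192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]
Feb 22 14:32:02 peerB charon: 09[IKE] IKE_SA con1[1] established between 198.51.100.1[198.51.100.1]...192.0.2.1[192.0.2.1]
Feb 22 15:30:00 peerB charon: 11[IKE] received 2 cert requests for an unknown ca
Feb 22 15:30:01 peerB charon: 11[IKE] IKE_SA con1[2] established between 198.51.100.1[198.51.100.1]...192.0.2.1[192.0.2.1]
"""


def parse_line(line, year=2017):
    """Return {'ts', 'host', 'msg'} for a charon syslog line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = f"{year} {m['mon']} {int(m['day']):02d} {m['time']}"
    ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "msg": m["msg"]}


def renegotiation_delays(log_text, year=2017):
    """Return [(host, start_ts, established_ts, seconds)] for each completed window.

    Per host, the first cert-request message opens a window; the next
    'IKE_SA ... established' message on the same host closes it. Further
    cert requests inside an open window do not restart the clock.
    """
    open_start = {}
    results = []
    for raw in log_text.splitlines():
        rec = parse_line(raw, year)
        if rec is None:
            continue
        host, msg = rec["host"], rec["msg"]
        if any(p.match(msg) for p in START_PATTERNS):
            open_start.setdefault(host, rec["ts"])
        elif ESTABLISHED_RE.match(msg) and host in open_start:
            start = open_start.pop(host)
            results.append((host, start, rec["ts"], (rec["ts"] - start).total_seconds()))
    return results


def slow_renegotiations(log_text, threshold_s=30.0, year=2017):
    """Only the windows a practitioner would want flagged (default: longer than 30 s)."""
    return [r for r in renegotiation_delays(log_text, year) if r[3] > threshold_s]


if __name__ == "__main__":
    for host, start, end, secs in slow_renegotiations(SAMPLE_LOG):
        print(f"{host}: cert request at {start:%H:%M:%S}, established {end:%H:%M:%S}, {secs:.0f}s")
```

Run it against a real `/var/log/ipsec.log` by passing the file contents to `slow_renegotiations`; a window that never closes (no "established" line) is simply not reported, which is the case to look at next if the tunnel is down rather than slow.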