OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Aergan on March 12, 2018, 04:52:36 pm

Title: IPSec Azure Issue 18.1.4
Post by: Aergan on March 12, 2018, 04:52:36 pm

Hi there,

I upgraded from 18.1.2 through to 18.1.4 and now my IPSec Site to site tunnel to Azure will no longer work correctly after 15~20minutes then results in the following:

Quote

charon: 07[IKE] establishing IKE_SA failed, peer not responding
Mar 12 15:45:27    charon: 07[IKE] giving up after 5 retransmits
Mar 12 15:45:18    charon: 13[CFG] ignoring acquire, connection attempt pending
Mar 12 15:45:18    charon: 14[KNL] creating acquire job for policy x.x.x.x/32 === y.y.y.y/32 with reqid {6}

And connection down.

To get it to reconnect I either have to reboot OPNsense or delete and recreate the connection on Microsoft Azure. Restarting IPsec / disable & reenable does not solve it.

Previously this has been working fine in 17.7 through to 18.1.2.
Connection type is IKEv2.
I've tried both with "Prefer older SA's" enabled and disabled and it seems to have no affect. In an older release of OPNsense I needed to have it enabled but haven't for a long time.

Title: Re: IPSec Azure Issue 18.1.4
Post by: franco on March 12, 2018, 05:10:50 pm

Hi,

Can you try again with the older strongSwan?

# opnsense-revert -r 18.1.3 strongswan


Cheers,
Franco

Title: Re: IPSec Azure Issue 18.1.4
Post by: Aergan on March 13, 2018, 01:46:36 am

That certainly seems to have sorted it. Instantly connected and has remained up so far

Title: Re: IPSec Azure Issue 18.1.4
Post by: Aergan on March 13, 2018, 08:32:58 am

Just to confirm, no configuration changes and tunnel is still up and working correctly.

Title: Re: IPSec Azure Issue 18.1.4
Post by: franco on March 14, 2018, 06:36:44 pm

Hi Aergan,

There is an amendment patch to the recent update we missed during the release process (it takes a day to build all and this didn't flag in our test env).

I'm guessing that's the issue:

https://wiki.strongswan.org/issues/2579

It'll be in 18.1.5 and I'll try to post a test version to make sure before that comes out. Are you on amd64 LibreSSL or OpenSSL?


Cheers,
Franco

Title: Re: IPSec Azure Issue 18.1.4
Post by: Aergan on March 14, 2018, 11:46:10 pm

Looks about right, reboot sorts it etc. Thanks for finding a probably cause, appreciated

I'm on OpenSSL

Title: Re: IPSec Azure Issue 18.1.4
Post by: franco on March 22, 2018, 09:51:42 am

Hey Aergan,

Should be ok now on 18.1.5?


Thanks,
Franco

Title: Re: IPSec Azure Issue 18.1.4
Post by: Aergan on March 22, 2018, 06:30:38 pm

Hi there, currently testing and so far it's been up for 14hrs with no issue on 18.1.15. Shall see how it fairs after a reboot later on

Title: Re: IPSec Azure Issue 18.1.4
Post by: franco on March 22, 2018, 09:09:51 pm

Ok, nice, don't expect any more issues. :)