Virtual private networks / IPSec site-to-site traffic not flowing after a while, even though link is up
« on: May 23, 2022, 10:16:51 pm »
Hi all.
I have this odd issue with a site-to-site VPN. It's been happening for a few versions of both of my firewalls, but I suspect that it's being caused by the OPNsense side due to how I can fix the symptom.
Setup:
* Sophos XG (19.0.0 GA-Build317) and OPNsense (22.1.6-amd64) IPSec site-to-site VPN
* Both connecting via HFC with dynamic IPs and managing own Dynamic DNS
* Link can recover automatically in the case of internet outages from either side
Symptoms:
* Traffic cannot flow between sites after some unspecified time
Fix:
* Toggling relevant IPSec firewall rule logging on/off allows traffic flow to resume until fault manifests again
Observations:
* Sophos XG and OPNsense sides both show VPN link as up during fault
Has anyone got any clues on this one? I'm not sure where to search in the logs, but I'd be glad to take any suggestions and report back.
Thanks in advance.