Virtual private networks / AWS site-to-site reconnection issue
« on: July 03, 2023, 04:41:43 pm »
Hi,
We use OPNsense to connect our Proxmox environment to our AWS environment using a site-to-site VPN. The issue we are experiencing is that AWS tends to replace tunnel endpoints at irregular intervals due to maintenance, upgrades, etc., which disconnects one of the two tunnels.
This necessitates a manual restart of the tunnel in OPNsense, under VPN -> IPsec -> Status Overview, by pressing the "start" icon at the disconnected tunnel.
What I'm looking for is a method to automate this. Dead peer detection is enabled at 10 seconds, 3 retries and "restart the tunnel", but this does not appear to have any effect. My guess is that the AWS side is probably shutting down the tunnel neatly, so the disconnect is not seen as an error.
Is there any way that I can automate OPNsense to "start" a disconnected tunnel?
Edit: I should note the same behaviour is exhibited during a reboot of the OPNsense instance. It requires manual activation of the VPN tunnel. I would like this to be automatic, on start and on disconnection.