Messages - Giganto79

#1
Strange thing.

IPsec legacy mode.

If we clone an IPsec tunnel Phase 1, the GUI gets stuck. It hangs for a minute, and then for another minute we can click everything.
What also doesn't work in this state is the connection status. It loads nothing and doesn't show anything.
Other tunnels don't work anymore.
Reloading the IPsec service doesn't solve the problem.
Reloading the FW does.

If we delete the cloned tunnel, reload the FW and manually create a new Phase 1 tunnel with a Phase 2 setting, everything is working fine.
If we just clone Phase 2 settings for another net, everything is working fine, too.

Why do we get these problems?
Any known problems or best practices with IPsec?

Thanks a lot.
#2
Problem solved.

We found out that our old FW had a VIP configured but not used.
This VIP is also configured as the new OPNsense Master IP.
So as we deleted the VIP on the old FW, the error was gone. No problem since then...

Strange thing:
We have had this IP configured for half a year. The old VIP was also configured on the old FW for years...
We rebooted the OPNsense Master 3-4 times.

But the problem came up 2 weeks ago, since the last reboot.

So Network Level 1: never give the same IP to two devices, even if it is a VIP... :'(
#3
Hello there.

Constellation:
- One Master, one Backup, Carp running, VIPs, Subnets, VLANs, Routing, ...
- Master currently running on 24.4, Backup running on 23.10.3

Problem:
The Master loses its gateway randomly for 10 minutes, comes up again, runs well for a random time from minutes up to hours, then loses the GW again for 10 minutes, and so on...
The problem was on 23.10.3, too.

We are currently running on the Backup, which is running fine. No problems.

What I tried:
- Disabling GW monitoring; not helping; GW lost anyway
- Disabling and enabling the WAN interface brings up the GW again, but the problem stays
- We were on 23.10.3 when the problem came up.
- Yesterday we updated to 24.4, then made a factory reset and restored the config, and rebooted again. The problem stays.

Interesting:
I searched the logs last weekend. The problem occurred 3 times in the last 3 months. Always when we rebooted the Master OPNsense.
BUT only for 1-3 hours, and then it disappeared magically. (We made no changes after the reboot.)

Only since last week does the problem stay.
The GW to the ISP has been randomly down since then. (6-7 downs overnight, but also in the daytime.)
But the ISP GW is not down; the Backup FW is using it and is running on it fine.
Just the Master has the problem, by itself.

(Last week: we made some changes to the NATing, from manual to hybrid, and then some NET entries, so the WAN VIP will be used for some subnets. The rest will stay on automatic.
But as I said, the problem has been there for the last 3 reboots / last 3 months for some hours. And until last week we were on manual NAT for all nets.)

We synced every setting from Master to Backup.

I don't know which other logs I can look at in the console.

Any suggestions? Please help.
Thanks a lot.