IPSEC connection between 2 OPNsense drops

Started by Smoke, August 16, 2021, 12:58:50 PM

Hello,

We have the problem that the IPSEC connection drops once or twice every day. I'm somewhat desperate. I set up the configuration for site A & B again, unfortunately without success. Site C runs without problems with the same settings.


--            +---------------+
--            |   Main site   |
--            +---------------+
--                    ^
--                    |
--                    |
--                    |                 IPSEC between A & B
--                   ++---------------+                    +---------------+
--                   |     Site A     | -----------------> |    Site B     |
--                   +----------------+                    +---------------+
--                        ^                                           ^
--                        |                                           |
--                        |                                           |
-- IPSEC between A & C    |                                           |   IPSEC between C & B
--                        |                                           |
--                        |              +-------------+              |
--                        |              |   Site C    |              |
--                        +--------------+-------------+--------------+



The connection between A & B drops 1 to 2 times a day.

LOG:
2021-08-16T12:07:00   charon[9940]   14[KNL] <con2|2571> unable to delete SAD entry with SPI cde970ed: No such process (3)
2021-08-16T12:07:00   charon[9940]   14[IKE] <con2|2571> giving up after 5 retransmits
2021-08-16T12:05:45   charon[9940]   14[NET] <con2|2571> sending packet: from standort A[4500] to 62.225.43.82[15518] (624 bytes)
2021-08-16T12:05:45   charon[9940]   14[IKE] <con2|2571> retransmit 5 of request with message ID 0
2021-08-16T12:05:03   charon[9940]   14[NET] <con2|2571> sending packet: from Standort A[4500] to 62.225.43.82[15518] (624 bytes)
2021-08-16T12:05:03   charon[9940]   14[IKE] <con2|2571> retransmit 4 of request with message ID 0
2021-08-16T12:04:40   charon[9940]   08[NET] <con2|2570> sending packet: from Standort A[4500] to Standort B[49381] (96 bytes)
2021-08-16T12:04:40   charon[9940]   08[ENC] <con2|2570> generating INFORMATIONAL response 3 [ D ]
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> outbound CHILD_SA con2{494} established with SPIs c51d7d8d_i ce6b1cec_o and TS 11.10.10.0/24 172.60.0.0/16 192.168.120.0/22 192.168.140.0/24 === 10.10.10.0/24 172.20.0.0/22 172.20.50.0/24 172.61.0.0/16 192.168.0.0/24
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> CHILD_SA closed
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> sending DELETE for ESP CHILD_SA with SPI c7c7c327
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> closing CHILD_SA con2{484} with SPIs c7c7c327_i (1900432700 bytes) cc438b09_o (1077351296 bytes) and TS 11.10.10.0/24 172.60.0.0/16 192.168.120.0/22 192.168.140.0/24 === 10.10.10.0/24 172.20.0.0/22 172.20.50.0/24 172.61.0.0/16 192.168.0.0/24
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> received DELETE for ESP CHILD_SA with SPI cc438b09
2021-08-16T12:04:40   charon[9940]   08[ENC] <con2|2570> parsed INFORMATIONAL request 3 [ D ]
2021-08-16T12:04:40   charon[9940]   08[NET] <con2|2570> received packet: from 62.225.43.82[49381] to 93.241.31.250[4500] (96 bytes)
2021-08-16T12:04:40   charon[9940]   08[NET] <con2|2570> sending packet: from 93.241.31.250[4500] to 62.225.43.82[49381] (608 bytes)
2021-08-16T12:04:40   charon[9940]   08[ENC] <con2|2570> generating CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> inbound CHILD_SA con2{494} established with SPIs c51d7d8d_i ce6b1cec_o and TS 11.10.10.0/24 172.60.0.0/16 192.168.120.0/22 192.168.140.0/24 === 10.10.10.0/24 172.20.0.0/22 172.20.50.0/24 172.61.0.0/16 192.168.0.0/24
2021-08-16T12:04:40   charon[9940]   08[CFG] <con2|2570> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
2021-08-16T12:04:40   charon[9940]   08[ENC] <con2|2570> parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
2021-08-16T12:04:40   charon[9940]   08[NET] <con2|2570> received packet: from Standort B[49381] to Standort A[4500] (624 bytes)
2021-08-16T12:04:39   charon[9940]   08[NET] <con2|2571> sending packet: from Standort A[4500] to Standort B[15518] (624 bytes)
2021-08-16T12:04:39   charon[9940]   08[IKE] <con2|2571> retransmit 3 of request with message ID 0
2021-08-16T12:04:26   charon[9940]   08[NET] <con2|2571> sending packet: from STandort A[4500] to Standort B[15518] (624 bytes)
2021-08-16T12:04:26   charon[9940]   08[IKE] <con2|2571> retransmit 2 of request with message ID 0
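
Added example, not part of the original post: a small parser for charon lines in the format quoted above. It groups events by connection and IKE_SA id and reports, per SA, the highest retransmit count, whether charon gave up, and which peer ports were used. The function names and the sample addresses are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the charon lines quoted above
# (addresses are documentation placeholders, not values from the post).
SAMPLE = """\
2021-08-16T12:07:00   charon[9940]   14[IKE] <con2|2571> giving up after 5 retransmits
2021-08-16T12:05:45   charon[9940]   14[NET] <con2|2571> sending packet: from 192.0.2.1[4500] to 198.51.100.7[15518] (624 bytes)
2021-08-16T12:05:45   charon[9940]   14[IKE] <con2|2571> retransmit 5 of request with message ID 0
2021-08-16T12:04:40   charon[9940]   08[NET] <con2|2570> received packet: from 198.51.100.7[49381] to 192.0.2.1[4500] (96 bytes)
2021-08-16T12:04:40   charon[9940]   08[IKE] <con2|2570> CHILD_SA closed
2021-08-16T12:04:39   charon[9940]   08[IKE] <con2|2571> retransmit 3 of request with message ID 0
"""

# One charon line: timestamp, charon[pid], thread[SUBSYSTEM], <conn|sa_id>, message.
LINE = re.compile(
    r"^\S+\s+charon\[\d+\]\s+\d+\[[A-Z]+\]\s+"
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s+(?P<msg>.*)$")
RETRANS = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
GIVEUP = re.compile(r"giving up after (\d+) retransmits")
PEER_SEND = re.compile(r"sending packet: from .+?\[\d+\] to .+?\[(\d+)\]")
PEER_RECV = re.compile(r"received packet: from .+?\[(\d+)\] to .+?\[\d+\]")

def summarize(text):
    """Return {(conn, sa_id): stats} for every IKE_SA tag seen in the log text."""
    sas = defaultdict(lambda: {"max_retransmit": 0, "message_ids": set(),
                               "gave_up": False, "peer_ports": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a charon line carrying a <conn|id> tag
        entry = sas[(m["conn"], int(m["sa"]))]
        msg = m["msg"]
        if (r := RETRANS.search(msg)):
            entry["max_retransmit"] = max(entry["max_retransmit"], int(r[1]))
            entry["message_ids"].add(int(r[2]))
        elif GIVEUP.search(msg):
            entry["gave_up"] = True
        elif (p := PEER_SEND.search(msg) or PEER_RECV.search(msg)):
            entry["peer_ports"].add(int(p[1]))  # UDP port on the remote side
    return dict(sas)

def timed_out(summary):
    """IKE_SAs for which charon logged 'giving up after N retransmits'."""
    return sorted(key for key, info in summary.items() if info["gave_up"])

if __name__ == "__main__":
    for key, info in sorted(summarize(SAMPLE).items()):
        print(key, info)
```

Comparing `peer_ports` between the SA that timed out and the SA that was still exchanging packets shows whether the two were addressing the same remote UDP port.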