IPSec tunnel between OPNSense and pfSense

Started by granalberto, February 10, 2021, 04:43:50 AM

Hi guys. I have a pfSense device (Netgate SG-1100) at one end and OPNsense at the other end. I was able to establish an IPsec tunnel, but after one hour the tunnel is broken.
Here you can see the logs of the pfSense end trying to reestablish the connection by itself https://pastebin.com/9w6wbJCy and here you can see the logs when I push the child reconnect button https://pastebin.com/pLjwP41B

The very first configuration was very basic defaults on both systems. After that, I think I have played with all the configuration fields (those that make sense, of course) and the result is always the same.

I can easily reestablish the tunnel by restarting the IKE tunnel, no matter on which end I do the restart.

Thank you in advance for any clue.

Late reply..

That's normally because PFS is on at one end (probably switched on on pfSense) and off at the OPNsense end.
At a PFS lifetime of 1 hour (3600 seconds), the tunnel breaks.

To turn PFS on or off on OPNsense, under Phase 2 set the "PFS key group" to off, or match the same DH key as pfSense.
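The reply above points at a Phase 2 mismatch that only shows up when the child SA is rekeyed. The following is an added example, not code from the thread or from either firewall project: it compares two swanctl-style child SA sections (pfSense and OPNsense both drive strongSwan, where a DH group appended to an ESP proposal such as `-modp2048` is what enables PFS) and reports whether PFS and the DH group agree, and after how many seconds a mismatch would first break the tunnel. The two configuration fragments are constructed samples, not the poster's configs, and the section names and values in them are assumptions.

```python
import re

# Constructed sample configuration fragments (assumptions, not taken from the
# poster's systems). In strongSwan a DH group appended to an ESP proposal
# turns PFS on for that child SA; a proposal without a group means PFS off.
PFSENSE_CHILD = """
vpn-child {
    esp_proposals = aes256-sha256-modp2048
    rekey_time = 1h
}
"""

OPNSENSE_CHILD = """
vpn-child {
    esp_proposals = aes256-sha256
    rekey_time = 3600s
}
"""

# DH group names as strongSwan spells them inside a proposal string.
DH_GROUP_RE = re.compile(r"^(modp\d+|ecp\d+(bp)?|curve25519|curve448|x25519|x448)$")
TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_child(text):
    """Collect key = value pairs from a swanctl-style child SA section."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)\s*=\s*(.+?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def pfs_groups(proposals):
    """Return the set of DH groups named in a proposal list; empty means PFS off."""
    groups = set()
    for proposal in proposals.split(","):
        for alg in proposal.strip().split("-"):
            if DH_GROUP_RE.match(alg):
                groups.add(alg)
    return groups


def to_seconds(value):
    """Convert a strongSwan time value such as '3600s' or '1h' to seconds."""
    m = re.match(r"^(\d+)([smhd]?)$", value.strip())
    if not m:
        raise ValueError(f"unrecognised time value: {value!r}")
    return int(m.group(1)) * TIME_UNITS[m.group(2) or "s"]


def check_phase2(local_text, remote_text):
    """Compare two child SA sections and report why a rekey would fail."""
    local = parse_child(local_text)
    remote = parse_child(remote_text)
    lg = pfs_groups(local.get("esp_proposals", ""))
    rg = pfs_groups(remote.get("esp_proposals", ""))
    findings = []
    if bool(lg) != bool(rg):
        on, off = ("local", "remote") if lg else ("remote", "local")
        findings.append(f"PFS enabled on {on} side only; {off} side has no DH group")
    elif lg and not (lg & rg):
        findings.append(f"PFS on both sides but no common DH group: {sorted(lg)} vs {sorted(rg)}")
    # The mismatch only surfaces when the child SA is rekeyed, so the earlier
    # of the two rekey times is when the tunnel is expected to drop.
    # strongSwan's default child rekey_time of 1h is assumed when unset.
    rekey = min(to_seconds(local.get("rekey_time", "1h")),
                to_seconds(remote.get("rekey_time", "1h")))
    return {
        "pfs_match": not findings,
        "common_groups": sorted(lg & rg),
        "expected_failure_after_s": rekey if findings else None,
        "findings": findings,
    }


if __name__ == "__main__":
    result = check_phase2(PFSENSE_CHILD, OPNSENSE_CHILD)
    for finding in result["findings"]:
        print(finding)
    print(result)
```

With the constructed samples the check reports PFS enabled on the pfSense side only and an expected failure after 3600 seconds, which is the one-hour pattern described in the opening post; setting both ends to the same DH group, or neither, makes the same check return a match.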