IPsec VTI Connection Authentication-Error after Reboot

Started by EndermiteSlayer, June 17, 2025, 10:35:18 AM

Hello,


I want to connect two OPNsense boxes with an IPsec VPN. I use the new connection type (with PSK and default proposals) and route-based VTI.

Basically the connection establishes, but then I have the following problem:
After a reboot of one OPNsense, the connection is broken. If I manually trigger the peer initialisation, then authentication fails and the counterpart raises:
tried 1 shared key for '%any' - '$IP-Address', but MAC mismatched
Vice versa the behaviour is the same; then the other OPNsense raises the error.

I found out: when I delete the PreSharedKey object and recreate it with the same parameters, I'm able to establish the connection again.

What am I missing / doing wrong?

Additional information: I already have VTI VPN connections configured to other third-party gateways, with the local and remote net 0.0.0.0/0 in the VPN child configuration. Can this cause the error?


Thanks!


I think I found the issue: I didn't set (local and remote) IDs in the authentication round.
Now it seems to work better.
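The two symptoms in this thread, a PSK lookup done for '%any' and an AUTH payload whose MAC does not match, can be reproduced in a small model. The block below is an added example and is not code from the forum post, OPNsense or strongSwan. It computes the IKEv2 pre-shared-key AUTH value as defined in RFC 7296 section 2.15 (HMAC-SHA256 used as the PRF) and runs a responder-side check against a secrets store that selects keys by identity pair, in the spirit of swanctl's "secrets" section. The identities, secrets and the "signed octets" are constructed sample data, and the rule that only one key can occupy the '%any' selector is a modelling assumption chosen to show why binding the PSK to explicit local and remote IDs removes the ambiguity; it is not a description of strongSwan's real lookup order.

```python
"""Added example (not from the post, OPNsense or strongSwan): IKEv2 PSK AUTH
per RFC 7296 section 2.15 plus an identity-keyed PSK store, to show how a
catch-all '%any' key can be tried instead of the intended one."""
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 7296 section 2.15
ANY = "%any"


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed PRF; HMAC-SHA256 stands in for the negotiated PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf( prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets> )."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


class PskStore:
    """PSKs indexed by a (local id, remote id) selector.
    Modelling assumption: one slot per selector, so a second key added for
    (%any, %any) silently shadows the first one."""

    def __init__(self):
        self._keys = {}

    def add(self, secret: bytes, local_id: str = ANY, remote_id: str = ANY):
        self._keys[(local_id, remote_id)] = secret

    def lookup(self, local_id: str, remote_id: str):
        """Most specific selector first, then the catch-all; None if nothing fits."""
        for sel in ((local_id, remote_id), (local_id, ANY), (ANY, remote_id), (ANY, ANY)):
            if sel in self._keys:
                return sel, self._keys[sel]
        return None


def verify_peer_auth(store, local_id, remote_id, signed_octets, received_auth):
    """Responder-side check. Returns (ok, log_line); the log line is phrased
    like the charon message quoted in the thread so the two cases compare."""
    hit = store.lookup(local_id, remote_id)
    if hit is None:
        return False, f"no shared key found for '{local_id}' - '{remote_id}'"
    sel, secret = hit
    expected = psk_auth(secret, signed_octets)
    if hmac.compare_digest(expected, received_auth):
        return True, f"authentication of '{remote_id}' with pre-shared key successful (selector {sel})"
    return False, f"tried 1 shared key for '{local_id}' - '{remote_id}', but MAC mismatched"


# Constructed scenario data (stand-ins, not values from the thread).
SIGNED_OCTETS = b"IKE_SA_INIT-message|Nonce|MACedID"
PEER_SECRET = b"opnsense-to-opnsense-psk"
VENDOR_SECRET = b"third-party-gateway-psk"
PEER_ADDR = "203.0.113.2"


def scenario_without_ids():
    """Both tunnels defined without IDs: both PSKs land on (%any, %any),
    the later one shadows the first, and the peer's AUTH no longer matches."""
    store = PskStore()
    store.add(PEER_SECRET)                    # the OPNsense<->OPNsense key
    store.add(VENDOR_SECRET)                  # third-party key defined later
    auth = psk_auth(PEER_SECRET, SIGNED_OCTETS)   # what the peer really sent
    return verify_peer_auth(store, ANY, PEER_ADDR, SIGNED_OCTETS, auth)


def scenario_with_ids():
    """Explicit local/remote IDs bind the PSK to the identity pair, so the
    lookup is decided before the catch-all slot is consulted."""
    store = PskStore()
    store.add(PEER_SECRET, "fw-a.example.net", "fw-b.example.net")
    store.add(VENDOR_SECRET)                  # third-party tunnel still on %any
    auth = psk_auth(PEER_SECRET, SIGNED_OCTETS)
    return verify_peer_auth(store, "fw-a.example.net", "fw-b.example.net",
                            SIGNED_OCTETS, auth)


if __name__ == "__main__":
    for name, fn in (("without IDs", scenario_without_ids), ("with IDs", scenario_with_ids)):
        ok, line = fn()
        print(f"{name}: {'OK' if ok else 'FAIL'} - {line}")
```

Running the block prints a MAC mismatch for the ID-less case and a successful authentication once both sides carry explicit IDs; the point is that "MAC mismatched" is not a corrupted key but the wrong key being applied to a correct AUTH payload, which is why recreating or re-binding the PSK object changes the outcome.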