Topic: IPSec tunnel between OPNSense and pfSense (Read 2115 times)
granalberto (Newbie, Posts: 1, Karma: 0)
IPSec tunnel between OPNSense and pfSense
« on: February 10, 2021, 04:43:50 am »
Hi guys. I have a pfSense device (Netgate SG-1100) at one end and OPNSense at the other end. I was able to establish an IPSec tunnel but after one hour the tunnel is broken.
Here you can see the logs of the pfSense end trying to reestablish the connection by itself:
https://pastebin.com/9w6wbJCy
And here you can see the logs when I push the button of child reconnect:
https://pastebin.com/pLjwP41B
The very first configuration was very basic defaults on both systems. After that, I think I have played with all the configuration fields (those that make sense, of course) and the result is always the same.
I can easily reestablish the tunnel by restarting the IKE tunnel, no matter on which end I do the restart.
Thank you in advance for any clue.
Logged
nzkiwi68 (Full Member, Posts: 182, Karma: 20)
Re: IPSec tunnel between OPNSense and pfSense
« Reply #1 on: September 13, 2021, 12:34:35 am »
Late reply..
That's normally because PFS is on on one end (probably switched on on pfSense) and off at the OPNsense end.
At the PFS lifetime of 1 hour (3600 seconds), the tunnel breaks.
To turn PFS on or off on OPNsense, under Phase 2 set the "PFS key group" to off or match the same DH key as pfSense.
Logged
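A way to check for the mismatch described in the reply above, as an added example that is not part of the thread or of either project's code: it compares the Phase 2 proposals of both ends and reports whether they fail immediately or only at rekey. It assumes IKEv2 and strongSwan-style ESP proposal strings, uses a simplified matching model, and all names and proposal values are constructed for illustration.

```python
# Added example: strongSwan-style ESP proposals, IKEv2 assumed. All values constructed.
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")  # DH group keywords

def parse_esp(value):
    """Parse a comma-separated ESP proposal list into [(algs, dh_groups), ...]."""
    proposals = []
    for prop in value.replace("!", "").lower().split(","):
        tokens = [t for t in prop.strip().split("-") if t]
        dh = frozenset(t for t in tokens if t.startswith(DH_PREFIXES))
        algs = frozenset(t for t in tokens if not t.startswith(DH_PREFIXES))
        proposals.append((algs, dh))
    return proposals

def negotiate(local, remote, rekey):
    """Simplified proposal selection (assumption: non-DH algorithms must be
    identical). The DH group only counts on rekey: the first CHILD_SA is keyed
    from the IKE_SA with no separate DH exchange, so a PFS mismatch stays hidden."""
    for l_algs, l_dh in parse_esp(local):
        for r_algs, r_dh in parse_esp(remote):
            if l_algs != r_algs:
                continue
            if not rekey:
                return True
            if (not l_dh and not r_dh) or (l_dh & r_dh):
                return True
    return False

def diagnose(local, remote):
    """Classify a pair of Phase 2 proposals by when (if ever) they fail."""
    if not negotiate(local, remote, rekey=False):
        return "proposal mismatch: Phase 2 never comes up"
    if not negotiate(local, remote, rekey=True):
        return "PFS mismatch: tunnel comes up, then fails at the first Phase 2 rekey"
    return "ok: Phase 2 proposals agree, including PFS"

# Constructed sample Phase 2 settings (hypothetical, not from the poster's boxes)
PFSENSE_ESP = "aes256-sha256-modp2048"       # PFS key group 14 (modp2048)
OPNSENSE_PFS_OFF = "aes256-sha256"           # "PFS key group" set to off
OPNSENSE_PFS_OTHER = "aes256-sha256-ecp256"  # PFS on, different group
OPNSENSE_PFS_SAME = "aes256-sha256-modp2048"

if __name__ == "__main__":
    for name in ("OPNSENSE_PFS_OFF", "OPNSENSE_PFS_OTHER", "OPNSENSE_PFS_SAME"):
        print(f"{name:20} -> {diagnose(PFSENSE_ESP, globals()[name])}")
```

The first two cases match the symptom in the thread: the tunnel establishes, then breaks once the Phase 2 lifetime triggers a rekey.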