OPNsense Forum » Archive » 17.1 Legacy Series » 17.1.1 ipsec reneg delays
Topic: 17.1.1 ipsec reneg delays (Read 3544 times)
xofer
« on: February 22, 2017, 01:44:53 pm »
I have configured site-to-site IPsec from one OPNsense to another, and clients have intermittent connection issues through the connection. At some point the tunnel drops and renegotiation is not successful for several minutes.
Going through the log, I stumbled upon this:
peer A:
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----
peer B:
Feb 22 14:30:02 peerB charon: 12[IKE] received 2 cert requests for an unknown ca
IPsec negotiation succeeds 2 minutes (!) later.
The strange thing is that IPsec is configured to use Mutual PSK, not certificates. The certificates in question are used for OpenVPN clients on peer A.
Why does IPsec use these certificates at all?
Am I right to suspect that this is the cause of the delay: that one peer tries to authenticate using these CAs?