Dropping IPSec VPN Connection

Started by DaveA67, May 25, 2018, 02:12:56 PM

Hi
We have a VPN connection (OPNsense in the cloud to Cisco on premises) that seems to have random drops.
The Cisco is the client's own device, so we only have access to the OPNsense machine.

The logs do not give much away - is there a good way to diagnose this problem from the OPNsense machine?

Thanks!

Hi

Is anyone able to offer any pointers please?

Thanks!

Hi there,

18.1.9 has a fix for ASA compatibility. Not sure if that's the case.

OTOH, it sounds a bit like the DPD is out of sync or not used.


Cheers,
Franco

Hi franco, thanks for that.
It could be ASA related as I don't have this problem with non-Cisco VPNs.

I have since found that the VPN appears to drop at the Phase 2 SA expiry.
The ASA default is 28800 but the OPNsense 3600, so it was dropping at around 50-55 minutes on the rekey, I think.

We enabled DPD on the Cisco and the VPN now re-establishes automatically after a few seconds.

I extended the OPNsense Phase 2 SA to 28800 and it's not dropped since, although I am expecting it at around 7 hours 50.

Is 18.1.9 available?

I am currently on 18.1.7 but an upgrade check only shows 18.1.8 available?

Cheers

Dave
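
One way to test the correlation described in the post above, between drop times and the Phase 2 SA lifetime, when only the OPNsense side is accessible. This is an added example, not part of the thread: the timestamps are constructed, and the function names and the 80% window are assumptions.

```python
from datetime import datetime

# Constructed sample: times the tunnel was noticed down on the OPNsense side.
# Not real log output; in practice these come from your own notes or monitoring.
SAMPLE_DROPS = [
    "2018-05-25 09:02:10",
    "2018-05-25 09:54:31",
    "2018-05-25 10:47:05",
    "2018-05-25 11:40:12",
    "2018-05-25 14:15:00",
]

def intervals_seconds(stamps):
    """Seconds between consecutive drops, in time order."""
    times = sorted(datetime.strptime(s, "%Y-%m-%d %H:%M:%S") for s in stamps)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def hits_per_lifetime(intervals, lifetimes, low=0.8):
    """Count intervals that end shortly before each candidate SA lifetime.

    A rekey is attempted some time before the SA expires, so an interval
    counts when it lies in [low * lifetime, lifetime]. low=0.8 is an assumption.
    """
    return {
        life: sum(1 for i in intervals if low * life <= i <= life)
        for life in lifetimes
    }

def best_match(stamps, lifetimes, low=0.8, min_share=0.5):
    """Return the lifetime that explains most drop intervals, or None."""
    intervals = intervals_seconds(stamps)
    if not intervals:
        return None
    hits = hits_per_lifetime(intervals, lifetimes, low)
    life, count = max(hits.items(), key=lambda kv: kv[1])
    return life if count / len(intervals) >= min_share else None

if __name__ == "__main__":
    # 3600 and 28800 are the two Phase 2 lifetimes mentioned in the thread.
    gaps = intervals_seconds(SAMPLE_DROPS)
    print("intervals (s):", gaps)
    print("hits:", hits_per_lifetime(gaps, [3600, 28800]))
    print("best match:", best_match(SAMPLE_DROPS, [3600, 28800]))
```

If most intervals cluster just under one side's lifetime, the rekey is the likely trigger; a result of `None` points away from SA expiry and towards something irregular such as path loss.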


Good news, thanks.  8)

Depends on your mirror, the default mirror has 18.1.9 for sure, others may take up to a few hours to sync up.


Cheers,
Franco

It's OK I can see it now thanks!  ;D

When upgrading is there a backout option if there are problems?
Not that I have ever had any problems upgrading I have to add.

If I restore a backup from the console, is that configuration only or will it also change the firmware version?

Cheers

Dave