Dropping IPSec VPN Connection

[DaveA67]

Hi
We have a VPN connection (Opnsense in the cloud to Cisco on Premises) That seem to have random drops.
The Cisco is the clients own device, so we only have access to the Opnsense machine.

The logs do not give much away - is there a good way to diagnose this problem from the Opnsense machine?

Thanks!

[DaveA67]

Hi

Is anyone able to offer any pointers please?

Thanks!

[franco]

Hi there,

18.1.9 has a fix for ASA compatibility. Not sure if that's the case.

OTOH, it sounds a bit like the DPD is out of sync or not used.


Cheers,
Franco

[DaveA67]

Hi franco, thanks for that.
It could be ASA related as I don't have this problem with non Cisco VPNs.

I have since found that the VPN appears to drop at the Phase 2 SA expiry.
The ASA default is 28800 but the Opnsense 3600 so was dripping at around 50-55 minutes on the rekey I think.

We enabled DPD on the Cisco and the VPN now re-established automatically after a few seconds

I extended  the Opnsense Phase 2 SA to 28800 and it's not dropped since, although I am expecting it at around 7 hours 50.

[DaveA67]

Is 18.1.9 available?

I am currently on 18.1.7 but an upgrade check only shows 18.1.8 available?

Cheers

Dave

[franco]

Good news, thanks. 

Depends on your mirror, the default mirror has 18.1.9 for sure, others may take up to few hours to sync up.


Cheers,
Franco

[DaveA67]

It's OK I can see it now thanks! 

[DaveA67]

When upgrading is there a backout option if there are problems?
Not that I have ever had any problems upgrading I have to add.

If I restore a backup from the console, is that configuration only or will it also change the firmware version?

Cheers

Dave