IPSEC Tunnel not working anymore

[jloipers]

Hi all,

we had the same issue here. We have 22 site-2-site IPSec tunnels running, three of them are ike v2.
All remote peers are different kind of firewalls (Cisco ASA, Lancom, Checkpoint) but no OPNsense.

After upgrading to 19.1.4 some tunnels worked fine some didn't. It didn't make any difference if it was ike v1 or v2.

As far as we can say all not working tunnels contain single host configurations in the phase 2 entries. But I am not sure about that matter 'cause we weren't able to test all connections.

After applying the patch (= removal of VTI) everything was fine, thanks for that!


Cheers

Josef

[siegfried]

Hi all,
same problem here. Since 19.1.4 a tunnel to a Fortigate cluster (2x Fortigate 200E) doesn't work anymore. SAs are created, the counters for incoming traffic are >0, but no outgoing traffic to the Fortigate box.

I'll try the patch later this evening.
Edit: Fortigate Firmware version: 5.6.3

[KittD]

Updated a bunch of routers last night from 19.1.2 to 19.1.4 and a few of them had VPN issues this morning. Reverted the patch on one of them, rebooted, and no issues right now.

[franco]

Appreciate the info. We removed the explicit reqid setting from non-VTI configurations and that should be it for 19.1.5.


Cheers,
Franco

[siegfried]

Moin!
Patch solved the issue. Thanks!

[emmitt]

Hi,

is it useful tp wait for 19.1.5?

If not, how can I download and install the patch?

Thanks!

[glasi]

Hi all,

I have the same issue here with a site-2-site IPSec tunnel. OPNsense does not build up the IPsec tunnel.

In my setup I can pin down the problem to the connection method in the tunnel settings. OPNsense fails to establish the IPsec tunnel when 'Start immediate' is selected as connection method.

As soon as I select 'Start on traffic' as connection method, everything works fine.

Can anybody reproduce this issue with his/her own setup?