[SOLVED] IPSec Site to Stte VPN Problem

[MikeA]

I have a site to site vpn tunnel up and running just fine with one phase 2 tunnel.  I'm trying to add another Phase 2 tunnel, but for whatever reason, I can't get the 2 tunnels to work at the same time.  If I disable Tunnel #1 and reconnect Tunnel #2 works.  If I re-enable Tunnel #1 and disable Tunnel #2 it works.  When both Tunnels are enable, only Tunnel #1 will work.

Both tunnels are on separate subnets.

Any help would on what I can do next would be greatly appreciated.

Thank you.

[Andreas]

Can you send as anonymized the logs?

[MikeA]

Where would I find the logs to send?

[Zeitkind]

Both tunnels are on separate subnets.

Are both sides the same hard/software running?
Many IPSec setups have problems with more than 1 phase-2 tunnels, but work fine with seperate tunnels, i.e. 1 tunnel (with phase 1+2) for each subnet.
e.g.:
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 2
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 3
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 4 behind static route on LAN 2
Site 1 with LAN 1 --- tunnel --- Site 2 with LAN 5 behind static route on LAN 3

[MikeA]

Actually not sure what the other side is running, but I can find out.  This worked on both my Sonicwall and pfSense with no problems. 

The tunnel shows that it's up and connected, just no traffic.

[MikeA]

I'll gladly supply the logs if you point me in the direction of acquiring them.

[fraenki]

I have a site to site vpn tunnel up and running just fine with one phase 2 tunnel.  I'm trying to add another Phase 2 tunnel, but for whatever reason, I can't get the 2 tunnels to work at the same time.

This is a known issue which will be fixed with release 15.7.21 in a few days, see https://forum.opnsense.org/index.php?topic=1774.msg5552 for further details.


Regards
- Frank