IPsec Site2Site problems - tunnel works only a few hours

Started by opnboi, February 13, 2021, 02:51:38 PM


Hoping to get some help here too - it's the translated thread from there:


I'll skip the problematic part now, because the actual problem has been solved and the goal has been reached:


Starting point: The IPsec Site2Site tunnel to the remote FritzBox is up and running, and it can also be reached from the local (W)LAN of the OPNsense, as well as from the WireGuard network thanks to the SPD entry.

This works for a few hours, until this ominous hiccup, where there seem to be local DNS problems - the devices in the (W)LAN of the OPNsense then report no Internet access.

After the hiccup the IPsec tunnel doesn't work properly anymore: the SPD entry is still there, but the traffic from the WireGuard VPN doesn't go through the IPsec interface anymore - sometimes the whole IPsec tunnel breaks down and I have to restart the OPNsense and maybe even the remote FritzBox to rebuild the tunnel :-\

I wonder where the error devil is hidden here; I haven't configured anything unusual - Unbound DNS runs with DNS over TLS, otherwise I can't think of anything else that could play a role here.

Has anyone ever had similar problems and/or a tip for me?

Thanks and best regards

If you need further information, feel free to ask :)

Kind regards