OPNsense

Author Topic: 17.1.1 ipsec reneg delays  (Read 2150 times)

xofer

« on: February 22, 2017, 01:44:53 pm »
I have configured site-to-site IPsec from one OPNsense to another, and clients have intermittent connection issues through the connection. At some point the tunnel drops and renegotiation is not successful for several minutes.

Going through the log, I stumbled upon this:
peer A:
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----
Feb 22 14:30:02 peerA charon: 06[IKE] sending cert request for -----cert information deleted as this is a public forum----


peer B:
Feb 22 14:30:02 peerB charon: 12[IKE] received 2 cert requests for an unknown ca

IPsec negotiation succeeds 2 minutes (!) later.

The strange thing is that IPsec is configured to use Mutual PSK, not certificates. The certificates in question are used for OpenVPN clients on peer A.

Why does IPsec use these certificates at all?
Am I right to suspect that this is the cause of the delay, that one peer tries to authenticate using these CAs?