Issues after Migration - OPNSense IKEv2 IPSEC S2S-VPN with dynamic IP

[seroal]

Hi there,

I´m currently trying to migrate our test OPNSense Installation with multiple IKEv2 VPNs running to our new hardware with OPNSense Business 25.10. I imported the configuration on the new hardware, and always when switching over to the new hardware with OPNSense business version, all of the tunnels are running fine, except one. This one tunnel is one where the remote site is with a dynamic ip adress. The tunnel will not connect at all. With the current active system on the HQ using Community Edition 25.7.7, I can get it running all the time. Sometimes, after switching back from the new hardware, it seems to be necessary to reset the tunnel on the remote site. I also updated the IPSec Client side from 25.1 to 26.1.1, but nothing changed.


What could be the reason for this? I´m not fully convinced by using IPSec for such a use case here, but it was more like we had to move from a static pub ip to ad natted (rotuer in front) network.


Any ideas, why this only connection has such an issue, after the migration? I think I exported the configuration from the 25.1.11 community version and imported it to the mentioned 25.10.  Could this be an issue?


After the import on the OPNSense business Edition I only changed some interface assignments and I also configured HA.



Are there recommendations to setup such a remote dynamic client?



Thanks.