IPsec Tunnel crashing frequently

[felixtech-msp]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [X ] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [X ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

There are two OPNsense boxes (both running OPNsense 24.4-amd64 Business Edition) and both have a IPsec connection to each other with the following settings:

Phase 1

• Connection method: Start immediate
• Key Exchange version: V2
• Internet Protocol: IPv4
• Interface: WAN
• Remote gateway: IP of other site
• Authentication method: Mutual PSK
• My identifier: My IP address
• Peer identifier: Peer IP address
• Encryption algorithm: 256 bit AES-GCM with 128 bit ICV
• Hash algorithm: SHA512
• DH key group: 18
• Install policy: yes
• NAT Traversal: Disable

Phase 2 Mode: Tunnel IPv4 Local Network Type: LAN subnet Remote Network Type: Network (/24 subnet of other site) Protocol: ESP Encryption algorithms: AES256 Hash algorithms: SHA512

All other settings are unchecked/default.

The tunnel stays up for several hours and then stops working. On site A everything appears to be fine (Status Overview states Phase 1 connected and Phase 2 installed). On site B Phase 1 is stated as disconnected. Reconnecting doesn't fix anything. The IPsec service has to be restarted on both sites and then it immediately works again.

Expected behavior

The tunnel stays up forever.

Relevant log files

IPsec Logs stay empty. There is no log output which would help diagnose the issue.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.4-amd64 Business Edition Both sites use official OPNsense hardware

[Monviech]

That's a configuration issue. Look at how lifetimes and rekeying works. The IPsec logs are also not empty, they log everything.

[felixtech-msp]

I have exactly followed the official documentation on how to set up an IPsec site-to-site tunnel. I shouldn't have to deal with some undocumented crap. Also the logs are empty. That is clearly stated by the message "No results found!" in the "VPN: IPsec: Log File" even though a lot of stuff is set to "Highest" logging within the Advanced Settings. Your attitude is not helping at all...

[fichtner]

Feel free to open a new ticket and try to stay friendly and open.

[AdSchellevis]

when seeking commercial support, best use proper channels.