Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 40 subscribers
  • Views 2979 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XFRM issue after provider IP-change

lki

Hi guys,

pretty new to route-based routing with tunnel interfaces, aka xfrm-interfaces.
I successfully connected a home office (SFOS Home - 18.0.1 MR-1-Build396) with head office (XG125w - 18.0.1 MR-1-Build396) using tunnel interface with standard IKEv2 policy.

I experienced that the connection appreared green on both sides, but I was not able to reach the other side. I found out, that the interface on the responder's side was disabled so I brought the interface up through CLI.

After that the connection works just fine, but after some days I found out, that the interface goes down, maybe after the provider changes the Dynamic IP-address?

Do you have any experience on that scenario since I have to bring up the interface manually every time I want to use the tunnel.

cheers 



This thread was automatically locked due to age.
  • 0 

    2020-10-04 04:03:16 [xfrm3] -----------------------------------------------------------------------------------------
2020-10-04 04:03:16 [xfrm3] Start executing... (removeip xfrm3 192.168.32.251 255.255.255.0 0)
2020-10-04 04:03:16 [xfrm3] ACTION: removeip INTERFACE: xfrm3
2020-10-04 04:03:16 [xfrm3] INTERFACE state: 1
2020-10-04 04:03:16 [xfrm3] IP: 192.168.32.251 NETMASK: 255.255.255.0 FAMILY: 0
2020-10-04 04:03:16 [xfrm3] Done
2020-10-04 04:03:19 [xfrm3] -----------------------------------------------------------------------------------------
2020-10-04 04:03:19 [xfrm3] Start executing... (addip xfrm3 192.168.32.251 255.255.255.0 0)
2020-10-04 04:03:19 [xfrm3] ACTION: addip INTERFACE: xfrm3
2020-10-04 04:03:19 [xfrm3] INTERFACE state: 1
2020-10-04 04:03:19 [xfrm3] IP: 192.168.32.251 NETMASK: 255.255.255.0 FAMILY: 0
2020-10-04 04:03:19 [xfrm3] Done
2020-10-05 04:03:07 [xfrm3] -----------------------------------------------------------------------------------------
2020-10-05 04:03:07 [xfrm3] Start executing... (removeip xfrm3 192.168.32.251 255.255.255.0 0)
2020-10-05 04:03:07 [xfrm3] ACTION: removeip INTERFACE: xfrm3
2020-10-05 04:03:07 [xfrm3] INTERFACE state: 0
2020-10-05 04:03:07 [xfrm3] IP: 192.168.32.251 NETMASK: 255.255.255.0 FAMILY: 0
2020-10-05 04:03:07 [xfrm3] Done
2020-10-05 08:56:53 [xfrm3] -----------------------------------------------------------------------------------------
2020-10-05 08:56:53 [xfrm3] Start executing... (addip xfrm3 192.168.32.251 255.255.255.0 0)
2020-10-05 08:56:53 [xfrm3] ACTION: addip INTERFACE: xfrm3
2020-10-05 08:56:53 [xfrm3] INTERFACE state: 1
2020-10-05 08:56:53 [xfrm3] IP: 192.168.32.251 NETMASK: 255.255.255.0 FAMILY: 0
2020-10-05 08:56:53 [xfrm3] Done

  • 0 in reply to lki

    The Interface is down? How do you put it up again? Could be a Bug. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi LuCar Toni!

    ifconfig xfrm3 up

  • 0 in reply to lki

    as seen in xfrmi.log after IP-change at around 4am the interface goes down and sometimes is able to come up again...

  • +1 in reply to lki

    after adjusting dynamic ip change time the problem disappeared (for now)

  • 0 in reply to lki

    still encountering troubles sometimes with the s2s connection via xfrm interface.
    In some cases I have to re-initiate the connection to reach remote ressources through the tunnel.

Unfiltered HTML