This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec Site to Site Connections stop working

Hi,

We are using SFOS 18.0.5 MR-5-Build586 on a SG210.

Starting with this week we have a big Problem with our VPN. We have around 20 IPSec Site to Site connections to our customers.

Up to now they stopped working without us seeing the reason for 4 times now. To get them working again, i have to use PuTTY to restart the VPN Service (or to restart the whole appliance).

There is no observable pattern. It happened on monday, tuesday and thursday night and friday afternoon.

In strongswan log it lools like this:

At some point it stops the usual DPD traffic. Then there is one IKE_SA_INIT request. After a few minutes he starts creating rekey/delete jobs and some acquire jobs.

After doing nothing else than that for around 1 hour (Connections are already not working anymore), it starts logging "error getting interface name" until i restart the VPN Service.

Usual traffic stopping:

2021-11-30 22:39:55 32[IKE] <K67073-1|66> sending DPD request
2021-11-30 22:39:55 32[ENC] <K67073-1|66> generating INFORMATIONAL request 1680 [ ]
2021-11-30 22:39:55 32[NET] <K67073-1|66> sending packet: from <Our Gateway>[500] to <Gateway K67073>[500] (80 bytes)
2021-11-30 22:39:55 32[NET] <K67073-1|66> received packet: from <Gateway K67073>[500] to <Our Gateway>[500] (80 bytes)
2021-11-30 22:39:55 32[ENC] <K67073-1|66> parsed INFORMATIONAL response 1680 [ ]
2021-11-30 22:39:57 32[NET] <K96611-1|65> received packet: from <Gateway K96611>[500] to <Our Gateway>[500] (80 bytes)
2021-11-30 22:39:57 32[ENC] <K96611-1|65> parsed INFORMATIONAL request 2458 [ ]
2021-11-30 22:39:57 32[ENC] <K96611-1|65> generating INFORMATIONAL response 2458 [ ]
2021-11-30 22:39:57 32[NET] <K96611-1|65> sending packet: from <Our Gateway>[500] to <Gateway K96611>[500] (80 bytes)
2021-11-30 22:39:58 32[NET] <K37274-1|118> received packet: from <Gateway K37274>[500] to <Our Gateway>[500] (140 bytes)
2021-11-30 22:39:58 32[ENC] <K37274-1|118> parsed INFORMATIONAL_V1 request 2341568092 [ HASH N(DPD) ]
2021-11-30 22:39:58 32[ENC] <K37274-1|118> generating INFORMATIONAL_V1 request 1164079833 [ HASH N(DPD_ACK) ]
2021-11-30 22:39:58 32[NET] <K37274-1|118> sending packet: from <Our Gateway>[500] to <Gateway K37274>[500] (140 bytes)
2021-11-30 22:39:58 32[NET] <1489> received packet: from <Gateway Customer wihtout active Connection on our side>[500] to <Our Gateway>[500] (694 bytes)
2021-11-30 22:39:58 32[ENC] <1489> parsed IKE_SA_INIT request 0 [ SA KE No V V V V N(NATD_S_IP) N(NATD_D_IP) ]
2021-11-30 22:41:05 02[KNL] creating rekey job for CHILD_SA ESP/0xc3b63cc9/<Gateway other Customer>
2021-11-30 22:41:06 02[KNL] creating rekey job for CHILD_SA ESP/0x83f585aa/<Gateway other Customer>
2021-11-30 22:41:21 02[KNL] creating rekey job for CHILD_SA ESP/0x29cab48a/<Gateway other Customer>
2021-11-30 22:41:38 02[KNL] creating rekey job for CHILD_SA ESP/0xc8f52304/<Our Gateway>
2021-11-30 22:41:57 02[KNL] creating rekey job for CHILD_SA ESP/0xcb2acb0c/<Our Gateway>
2021-11-30 22:42:24 02[KNL] creating rekey job for CHILD_SA ESP/0xe4350b45/<Gateway other Customer>
2021-11-30 22:43:01 02[KNL] creating rekey job for CHILD_SA ESP/0xc1e39a34/<Our Gateway>
2021-11-30 22:43:24 02[KNL] creating rekey job for CHILD_SA ESP/0xc2a15839/<Our Gateway>
2021-11-30 22:43:27 02[KNL] creating rekey job for CHILD_SA ESP/0xb7b986fe/<Gateway K67073>
2021-11-30 22:43:33 02[KNL] creating rekey job for CHILD_SA ESP/0xc35833a7/<Our Gateway>
2021-11-30 22:43:45 02[KNL] creating rekey job for CHILD_SA ESP/0xcc21191f/<Our Gateway>
2021-11-30 22:44:02 02[KNL] creating rekey job for CHILD_SA ESP/0xf14f72a6/<Gateway K96611>
2021-11-30 22:45:52 02[KNL] creating rekey job for CHILD_SA ESP/0xd0cd0464/<Gateway other Customer>
2021-11-30 22:46:34 02[KNL] creating rekey job for CHILD_SA ESP/0xc76af199/<Our Gateway>
2021-11-30 22:47:09 02[KNL] creating rekey job for CHILD_SA ESP/0xc94b294a/<Our Gateway>
2021-11-30 22:47:52 02[KNL] creating delete job for CHILD_SA ESP/0xc8f52304/<Our Gateway>
2021-11-30 22:47:52 02[KNL] creating delete job for CHILD_SA ESP/0xc3b63cc9/<Gateway other Customer>
2021-11-30 22:48:49 02[KNL] creating rekey job for CHILD_SA ESP/0x6a5d7500/<Gateway other Customer>
2021-11-30 22:49:47 02[KNL] creating delete job for CHILD_SA ESP/0xc1e39a34/<Our Gateway>
2021-11-30 22:49:47 02[KNL] creating delete job for CHILD_SA ESP/0x83f585aa/<Gateway other Customer>

Changing to "error getting interface name":

2021-11-30 23:35:19 02[KNL] creating delete job for CHILD_SA ESP/0xc57aabf1/<Gateway>
2021-11-30 23:35:19 02[KNL] creating delete job for CHILD_SA ESP/0xca4650e0/<Gateway>
2021-11-30 23:35:47 02[KNL] creating delete job for CHILD_SA ESP/0xcb69fa3b/<Gateway>
2021-11-30 23:35:47 02[KNL] creating delete job for CHILD_SA ESP/0xcc7ba8a3/<Gateway>
2021-12-01 00:29:48 02[KNL] creating rekey job for CHILD_SA ESP/0x2eec4df2/<Gateway>
2021-12-01 00:30:38 02[KNL] creating rekey job for CHILD_SA ESP/0xcd1c14b9/<Gateway>
2021-12-01 00:36:48 02[KNL] creating delete job for CHILD_SA ESP/0xcd1c14b9/<Gateway>
2021-12-01 00:36:48 02[KNL] creating delete job for CHILD_SA ESP/0x2eec4df2/<Gateway>
2021-12-01 01:26:12 03[NET] error getting interface name
2021-12-01 01:26:12 03[NET] error getting interface name
2021-12-01 01:26:12 03[NET] error getting interface name
2021-12-01 01:26:12 03[NET] error getting interface name
2021-12-01 01:26:18 03[NET] error getting interface name
2021-12-01 01:26:20 03[NET] error getting interface name
2021-12-01 01:26:22 03[NET] error getting interface name

Do you have any ideas, what could cause these problems?

Thanks!



This thread was automatically locked due to age.