New Sophos Support Phone Numbers in Effect July 1st, 2023

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 15 replies
  • Answers 3 answers
  • Subscribers 29 subscribers
  • Views 5316 views
  • Users 0 members are here
Options
Suggested

ping kills RED tunnel

wlogic

Environment:
SFOS: 19.5.1 MR-1-Build278

SiteA: XGS 3xxx
SiteB: XGS 2xxx
SiteC: SD-RED 20

SiteA - SiteB: IPSEC tunnel (route based)
SiteA - SiteC: RED tunnel (standard/unified)

Ping test with host behind the tunnels:
SiteA to SiteB -> OK
SiteA to SiteC -> OK

SiteB to SiteA -> OK
SiteB to SiteC -> NOT OK -> RED tunnel disconnects and re-connects

SiteC to SiteA -> OK
SiteC to SiteB -> NOT OK -> RED tunnel disconnects and re-connects

red.log:
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD INFO: server: New connection from xxx.xxx.xxx.xxx with ID RXXXXXXXXXXXXXXXXX (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1

red-RXXXXXXXXXXXXXXXXX.log:
Fri May 5 07:52:22 2023Z REDD INFO command '{"data":{"message":"Unstable peers","type":"RUNTIME_ERROR_OCCURRED"},"type":"DISCONNECT"}'
Fri May 5 07:52:22 2023Z REDD INFO Disconnecting: Unstable peers
Fri May 5 07:52:23 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now disconnected
Fri May 5 07:52:23 2023Z REDD INFO device is disconnected.
Fri May 5 07:52:27 2023Z REDD INFO server: New connection from xxx.xxx.xxx.xxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Fri May 5 07:52:28 2023Z REDD INFO Disabling debug
Fri May 5 07:52:28 2023Z REDD INFO connected OK, pushing config
Fri May 5 07:52:29 2023Z REDD INFO command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
Fri May 5 07:52:29 2023Z REDD INFO Initializing connection running protocol version 0
Fri May 5 07:52:29 2023Z REDD INFO Sending json message {"data":{},"type":"WELCOME"}
Fri May 5 07:52:30 2023Z REDD INFO command '{"data":{},"type":"CONFIG_REQ"}'
Fri May 5 07:52:30 2023Z REDD INFO Sending json message {"data":......................}
Fri May 5 07:52:34 2023Z REDD INFO command '{"data":...........}'
Fri May 5 07:52:34 2023Z REDD INFO Sending json message {"data":{},"type":"SET_KEY_REP"}
Fri May 5 07:52:35 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now re-connected after 30000 ms
Fri May 5 07:52:35 2023Z REDD INFO command '{"data":{"uplink":"WAN1","wan1_ip":"xxx.xxx.xxx.xxx"},"type":"STATUS"}'
Fri May 5 07:55:00 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX transfered bytes TX: 3673888 RX: 3686052

8 month ago I think this exact issue has already been reported by "craig A":  Very Strange issue has anyone seen anything like this? - XGS RED 60 

Currently we are within working hours, therefore I haven't tested the suggested workaround: system ipsec-acceleration disable

I can not find this issue in the Sophos Known Issues list https://doc.sophos.com/support/kil/index.html

Do I see a new issue or is it really true that this for a minimum 8 month old issue is till today not fixed?
Hopefully the workaround "system ipsec-acceleration disable" works, but who wants this because this the main reason to buy a XGS!!!



Added tags
[edited by: Raphael Alganes at 9:16 AM (GMT -7) on 5 May 2023]
Parents Reply Children
No Data
Unfiltered HTML