Environment:
SFOS: 19.5.1 MR-1-Build278
SiteA: XGS 3xxx
SiteB: XGS 2xxx
SiteC: SD-RED 20
SiteA - SiteB: IPSEC tunnel (route based)
SiteA - SiteC: RED tunnel (standard/unified)
Ping test with host behind the tunnels:
SiteA to SiteB -> OK
SiteA to SiteC -> OK
SiteB to SiteA -> OK
SiteB to SiteC -> NOT OK -> RED tunnel disconnects and re-connects
SiteC to SiteA -> OK
SiteC to SiteB -> NOT OK -> RED tunnel disconnects and re-connects
red.log:
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD INFO: server: New connection from xxx.xxx.xxx.xxx with ID RXXXXXXXXXXXXXXXXX (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
red-RXXXXXXXXXXXXXXXXX.log:
Fri May 5 07:52:22 2023Z REDD INFO command '{"data":{"message":"Unstable peers","type":"RUNTIME_ERROR_OCCURRED"},"type":"DISCONNECT"}'
Fri May 5 07:52:22 2023Z REDD INFO Disconnecting: Unstable peers
Fri May 5 07:52:23 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now disconnected
Fri May 5 07:52:23 2023Z REDD INFO device is disconnected.
Fri May 5 07:52:27 2023Z REDD INFO server: New connection from xxx.xxx.xxx.xxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Fri May 5 07:52:28 2023Z REDD INFO Disabling debug
Fri May 5 07:52:28 2023Z REDD INFO connected OK, pushing config
Fri May 5 07:52:29 2023Z REDD INFO command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
Fri May 5 07:52:29 2023Z REDD INFO Initializing connection running protocol version 0
Fri May 5 07:52:29 2023Z REDD INFO Sending json message {"data":{},"type":"WELCOME"}
Fri May 5 07:52:30 2023Z REDD INFO command '{"data":{},"type":"CONFIG_REQ"}'
Fri May 5 07:52:30 2023Z REDD INFO Sending json message {"data":......................}
Fri May 5 07:52:34 2023Z REDD INFO command '{"data":...........}'
Fri May 5 07:52:34 2023Z REDD INFO Sending json message {"data":{},"type":"SET_KEY_REP"}
Fri May 5 07:52:35 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now re-connected after 30000 ms
Fri May 5 07:52:35 2023Z REDD INFO command '{"data":{"uplink":"WAN1","wan1_ip":"xxx.xxx.xxx.xxx"},"type":"STATUS"}'
Fri May 5 07:55:00 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX transfered bytes TX: 3673888 RX: 3686052
8 month ago I think this exact issue has already been reported by "craig A": Very Strange issue has anyone seen anything like this? - XGS RED 60
Currently we are within working hours, therefore I haven't tested the suggested workaround: system ipsec-acceleration disable
I can not find this issue in the Sophos Known Issues list https://doc.sophos.com/support/kil/index.html
Do I see a new issue or is it really true that this for a minimum 8 month old issue is till today not fixed?
Hopefully the workaround "system ipsec-acceleration disable" works, but who wants this because this the main reason to buy a XGS!!!
This thread was automatically locked due to age.
