IPsec VPN stays down after DSL lines reconnect...

I have run several IPsec tunnels for years without any problems... all runs fine with 9.355-1.

Since the update to 9.402-7, all IPsec tunnels are down every morning.

I checked the IPsec logs and found out that after my DSL lines reconnect the tunnels will not come up again.

I have to turn them off and on and then all works....

Can anyone help?



  • Hi All,

    This is bug NUTM-4173. A fix will be provided in the next firmware release.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • When will Sophos release a fix? We are waiting!

    Restarting VPN every night is way beyond annoying. [:@]

  • agree !!

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Hello,

    "FORUM THREAD QUESTION: SOLVED" ?

    Nothing is solved!  You posted that Sophos will fix this in the next firmware release.......when is next? ....date?.....

    In my case, I fix this with a cron job every night after the reconnect of the DSL lines. The UTM reboots 3 minutes after the reconnect, which is only possible because at night we have no critical connections.

  • agree.. changed that back to unsolved.. it's not solved for me at all....

    greets

    zaphod

  • Hi, Dirk, and welcome to the UTM Community!

    None of my clients have, to my knowledge, these problems.  Just because a new version was released doesn't mean you should adopt it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Hi Bob,

    Thanks for your reply, but it's not really helpful.

    Just because you do not have the problem does not mean it does not exist!

    I thought the firmware is tested before release. But that's not so, and we are the end testers!

    Cheers - Dirk :-)

  • Hi Bob,

    Your answer is really not very helpful.

    1st: I surely want (and must, for compliance reasons) to update to the latest firmware, since otherwise the latest security fixes will not be applied.

    Wasn't Sophos UTM something about security ....

    2nd: Even if you don't know me, I have had the same problems with multiple PPPoE (VDSL) links on one firewall for years now, as I already stated before, and these problems have been ignored since 9.2 with similarly helpful comments like yours.

    3rd: I don't know how many customers you have in Oklahoma that use multiple VDSL connections from Deutsche Telekom that are disconnected every day for one second, with site-to-site IPsec VPNs. Let me guess, but I think the number should be near zero.

    So let's please try to get the Sophos people to accept that there is a problem, because there is, and it's their job to fix their product !!!!

    I still must reboot the firewalls every night after the Telekom disconnect to get the VPNs up again.

    Probably a rework of the PPPoE start/stop script mechanism, especially the firewall settings for the interfaces, would help; as far as I can see, IPsec is blocked on some interfaces by rule after the reconnect ....

    BTW: My bosses and I are really not very amused if whole locations cannot work!

    Best

    Helmut 

  • something maybe helpful for you:

    - A reboot isn't needed at all, but it is the easiest way (you can put it in cron..).
    You can set a debug option (Site2site VPN / IpSec / Debug / Control flow), apply it, unset it and apply again, and all IPsec VPNs are up again.

    I have 3 DSL lines I use on my cluster (Deutsche Telekom); one is VDSL and 2 are DSL 16K... On my VDSL line I disabled "Daily reconnect" under Interfaces / Advanced.. that helps for that line (no more reconnects), but the other two will disconnect every 24h per definition from the provider..

    Hope the fix will come soon... it's definitely a firmware bug... worked without problems until 9.355.. since 9.4x it's broken...

    greets

    zaphod

  • Yes, I need to agree here! I'm also a partner for many years and I have seen a lot with Astaro/Sophos. But lately it's just bad.

    I also have several customers with similar setups with this bug, including our own UTM. So this truly is just ignorance! And not to adopt security fixes..... come on.... cut me a break!