
Author Topic: Multiple child SA entries (same tunnel)  (Read 500 times)


Offline ubbersense

Multiple child SA entries (same tunnel)
« on: October 17, 2016, 01:13:51 am »
Hello experts, can someone help me, please? I'm experiencing some weird issues with an IPsec site-to-site tunnel. Most of the time it works fine, but for some reason after a while it begins to duplicate the phase 2 entries; I mean the same local network, same remote network, different SPI. When there are many entries (I don't know the exact number, but let's say more than 15), the tunnel stops working and I have to disconnect it and reconnect it manually.



Thanks in advance for your help.

Offline jimp

Re: Multiple child SA entries (same tunnel)
« Reply #1 on: October 19, 2016, 02:25:50 pm »
What settings do you have on the Phase 1 entry for this tunnel and on the Advanced tab in IPsec?

Offline ubbersense

Re: Multiple child SA entries (same tunnel)
« Reply #2 on: October 19, 2016, 04:40:59 pm »
@jimp These are the settings:






Thanks

Offline Fred9176

Re: Multiple child SA entries (same tunnel)
« Reply #3 on: January 30, 2018, 06:40:14 am »
Hi,

Did you manage to solve your problem? I have exactly the same strange thing: duplication of phase 2, which leads to the VPN freezing.

I have had this issue for a long time (2.3.?) and even now with the 2.4.2-1 version.

Thanks,

Fred