Netgate SG-1000 microFirewall

Author Topic: Another IPSEC issue  (Read 21086 times)

0 Members and 1 Guest are viewing this topic.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: Another IPSEC issue - same situation here
« Reply #15 on: January 21, 2015, 04:08:21 pm »
I have a similar issue as described here, and it it still seems to be the case on latest snapshot (2.2-RC (amd64) built on Fri Jan 16 11:53:08 CST 2015 FreeBSD 10.1-RELEASE-p4 on PC-Engines APU Board). 

Is your Internet connectivity extremely unstable? It appears that's the bulk of OP's issue, he's in the middle of nowhere with connectivity that's hit and miss and that seems to be the source of remaining issues there.

Offline swix

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +1/-0
    • View Profile
Re: Another IPSEC issue
« Reply #16 on: January 21, 2015, 05:36:07 pm »
IKE: AES 256 encryption with SHA1 auth, 7800 SA lifetime, IKE DH group : Group 5, MODP 1536
IPSEC:  AES 256 encryption with SHA1 auth, 3600 SA lifetime, IPsec PFS group: Group 5, MODP 1536

Line is very stable (DSL 30Mbit) and has not changed since the upgrade from pfsense 2.1.x to latest 2.2-RC.

Everything remained quite stable the last 2-3 days, with only an issue this afternoon, which disappeared as usual after a complete stop + start of the ipsec service.