Hi, I've two OpenBSD firewalls running

1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.

We have a VPN set up between both locations via /etc/ipsec.conf. isakmpd is set up to not read any configuration files:

=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===

Now from time to time the VPN becomes "unavailable", though the established security association is visible via ipsecctl -sa. I don't find anything suspicious in the log, only "quick mode done".

=== /etc/ipsec.conf ===
ike active esp from $local_net to $remotenet peer $remotepeer \
    main auth hmac-sha1 enc aes group modp1024\
    quick auth hmac-sha1 enc aes group modp1024\
    psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===

Are there any hints what would be the best to debug next? As till now I didn't see a pattern there. Deleting the ruleset manually solves the problem temporarily, which could be needed more often when forced.

=== ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf ===

Georg