IPsec SA expired (LATEST!)


#1

My tunnel keeps going down frequently with the following error message:

I tried 1.0.5 and 1.1.3 versions.

Here is the relevant IPSec configuration.

esp-group ESP {
    compression disable
    lifetime 3600
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes128
        hash sha1
    }
}

ike-group IKE {
    dead-peer-detection {
        action restart
        interval 15
        timeout 45
    }
    lifetime 28800
    proposal 1 {
        dh-group 2
        encryption aes128
        hash sha1
    }
}

Anyone have clues? I don’t have access to the logs from the other end of the site-to-site tunnel.

Thanks


#2

Is the lifetime the same on the other side of the tunnel?


#3

Hi,

You must configure phase 1 and 2 identically on both sides.

Anyway, in my environment I have the same problem. Check this topic:

http://forum.vyos.net/showthread.php?tid=6371
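
One way to run the check suggested in replies #2 and #3 once the peer's settings are available: flatten both sides' esp-group and ike-group blocks and list every setting that differs. This is an added example, not code from the thread or from VyOS; LOCAL is the configuration posted in #1, while REMOTE and its lifetime values are constructed for illustration.

```python
# Local config as posted in the thread.
LOCAL = """\
esp-group ESP {
    compression disable
    lifetime 3600
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes128
        hash sha1
    }
}
ike-group IKE {
    dead-peer-detection {
        action restart
        interval 15
        timeout 45
    }
    lifetime 28800
    proposal 1 {
        dh-group 2
        encryption aes128
        hash sha1
    }
}
"""
# Constructed remote side (hypothetical values): only the lifetimes differ.
REMOTE = LOCAL.replace("lifetime 3600", "lifetime 1800").replace("lifetime 28800", "lifetime 86400")

def flatten(text):
    """Map brace-nested config to {'esp-group ESP/lifetime': '3600', ...}."""
    path, out = [], {}
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())   # entering a block
        elif line == "}":
            path.pop()                       # leaving a block
        elif line:
            key, _, value = line.partition(" ")
            out["/".join(path + [key])] = value
    return out

def mismatches(local, remote):
    """Return {path: (local_value, remote_value)} for every differing setting."""
    a, b = flatten(local), flatten(remote)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (mine, theirs) in mismatches(LOCAL, REMOTE).items():
        print(f"{key}: local={mine} remote={theirs}")
```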