IPsec SA expired (LATEST!)

system · February 13, 2015, 8:44pm

My tunnel keeps going down frequently with the following error message:

I tried 1.0.5 and 1.1.3 versions.

Here is the relevant IPSec configuration.

esp-group ESP {
    compression disable
    lifetime 3600
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes128
            hash sha1
    }
}

ike-group IKE {
    dead-peer-detection {
        action restart
        interval 15
        timeout 45
    }
    lifetime 28800
    proposal 1 {
        dh-group 2
        encryption aes128
        hash sha1
    }
}

Any one have clues? I don’t have access to the logs from the other end of the site-to-site tunnel.

Thanks

JFL · February 17, 2015, 8:31am

Is the lifetime the same on the other side of the tunnel?

biedron · February 24, 2015, 8:07am

Hi,

You must configure identically phase 1 and 2 witch both side.

Anyway in my envinorment i have same problem. Check this topic:

http://forum.vyos.net/showthread.php?tid=6371