I’ve been using VyOS for the last 6 months and am mightily impressed by all it can do.
I’ve run into an issue with creating an IPsec VPN with a Palo Alto Networks firewall. It seems to connect when the peer reboots or fails over his firewall cluster, but the VPN fails on rekeying.
To add insult to injury - IKE seems to stay in init mode throughout the life of the VPN. When the VPN fails… no packets seem to come back. I send out IKE but tcpdump doesn’t show anything coming back.
So essentially at this point we’re resetting the Palo Alto every time to its failover to get the VPN back up until it times out.
We’re using main mode. The settings for IKE are AES-128, sha1, DH group2.
This used to work on a Cisco vASA firewall.
Has anyone seen this kind of behaviour before? Any ideas on how to troubleshoot?
Thanks for your time,