IPSEC to Linux question
Hi community,
I have a SONICWALL TZ 270 and successfully created an IPSEC tunnel to a Linux (Ubuntu) server. The tunnel works without any issues for the first 40-50 minutes, then it seems to stop working for no apparent reason. Traffic is active (e.g. VNC connection), so lack of traffic is not the issue (which certainly could drop the tunnel). I also had a continuous ping running to ensure activity. The tunnel seems to remain up, just traffic no longer traverses the tunnel.
I have a second IPSEC tunnel going from a different location to the same Linux server (originating from a pfsense firewall), which does not have any issues.
If I disable and re-enable the VPN tunnel on the sonicwall, it starts working right away - for the next 40-50 minutes, then it stops again.
I tried looking through log files on both the Linux server as well as on the sonicwall but can't find any indication as to why no more traffic can pass through.
My questions for you:
- How can I crank up logging on Sonicwall to hopefully find what causes this behavior?
- Did anyone encounter similar issues and how did you fix them?
- Does anyone have recommendations where to look next on Sonicwall?
Thanks for your help.
Answers
Check the timers on both ends of the tunnel.
Does restarting the ipsec service also fix this?
@Arkwright Thanks. I assume you mean the lifetime when you refer to timer? They were not explicitly set on the Linux box, so it was using its default. I changed that and set it to the same value as on the Sonicwall. I also restarted the Sonicwall for good measure, and kicked off the stopwatch to see if it drops again after 40-50 min. Let's wait and see what happens.
Thanks.
Adding the lifetime to ipsec.conf on Linux did not make any difference. Stopped again after 45 min.
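For the "check the timers" suggestion above, an added example (not part of the thread) that reads the timer settings a conn in ipsec.conf actually ends up with and computes when the Linux side will start rekeying the child SA. It assumes the server runs strongSwan with the legacy ipsec.conf, which the thread does not state; the defaults and rekey formula are strongSwan's, and the sample config and conn names are constructed.

```python
import re

# strongSwan ipsec.conf defaults and aliases (assumed daemon; sample below is constructed)
DEFAULTS = {"ikelifetime": "3h", "lifetime": "1h", "margintime": "9m", "rekeyfuzz": "100%"}
ALIASES = {"keylife": "lifetime", "rekeymargin": "margintime"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

SAMPLE = """\
conn %default
    keyexchange=ikev2
# hypothetical conn with no timers set
conn sonicwall
    right=203.0.113.10
    auto=start
conn pfsense
    keylife=8h
"""

def seconds(value):
    """Convert '8h', '9m' or a bare number of seconds to int seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def conn_timers(text, name):
    """Timer settings for one conn after applying %default and built-in defaults."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header: "conn <name>" or "config setup"
            parts = line.split()
            current = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
        elif current is not None and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, {})[ALIASES.get(key, key)] = val
    merged = {**DEFAULTS, **sections.get("%default", {}), **sections[name]}
    return {k: merged[k] for k in DEFAULTS}

def rekey_window(lifetime, margintime, rekeyfuzz):
    """(earliest, latest) seconds: lifetime - (margintime + random(0, margintime * rekeyfuzz))."""
    life, margin = seconds(lifetime), seconds(margintime)
    fuzz = margin * int(rekeyfuzz.rstrip("%")) // 100
    return life - margin - fuzz, life - margin

if __name__ == "__main__":
    for conn in ("sonicwall", "pfsense"):
        t = conn_timers(SAMPLE, conn)
        print(conn, rekey_window(t["lifetime"], t["margintime"], t["rekeyfuzz"]))
```

With no timers set, the child SA window comes out at 2520 to 3060 seconds (42 to 51 minutes); compare the window your own config produces with the time at which traffic stops.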