IPsec strange and annoying problem
I have IPsec between a few OpenBSD machines (releases: 4.6, 4.8 & 4.9). IPsec has been working fine for a long time, but now and then (once or twice per day), IPsec traffic just stops. This kind of problem usually lasts 17-18 minutes. The SAs are still there (or at least ipsecctl shows that), but traffic can't pass from netA to netB.
I use isakmpd, /etc/ipsec.conf and x509 certificates. There is no nat, no rdr.
Until a few months ago, everything worked fine on OBSD 4.5 & 4.6 (so I think there is no problem in ipsec.conf or x509).
Any idea?
P.S.
Yes, I know about SHA, so between the same BSD releases I use:
ike esp from $netA to $netB \
local $ipHOSTA peer $ipHOSTB \
main auth hmac-sha2-512 enc aes-256 group modp1024 \
quick auth hmac-sha2-512 enc aes-256 group modp1024
but between pre-4.7 and after-4.7 releases I use sha1.