Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2254 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN site-to-site does not reconnect after reboot

Andrej Pirman

Hi,

where can I configure Site-to-Site VPN on XGS client (initiate connection side) to establish connection after reboot or after upgrade? I've gone through all VPN settings many times and cannot find any setting, which would mean to me "auto connect" or something like this.

I have XGS-136 with UTM 18.5.2 MR-2-Build380.

Idea?



This thread was automatically locked due to age.
Parents
  • 0

    Another VPN Site-to-Site was up for 2 weeks, then one side power failed, and after comming back up does not only fail to re-connect automatically, but will not connect at all! LOG is just saying, IPSec could not connect or something like this.

    WEIRD: 2 days later connected without a problem!!!???

    What's going on? How do you suggest to diagnose?

  • 0 in reply to Andrej Pirman

    Hi Andrej Pirman 

    Both the site you have Sophos XG Firewall?

    Please share the IPSec VPN policy you have applied on each site?

    What you have set Gateway type where there was power failure? What is the current firmware Sophos XG ?

    Please share the above information with a snapshot 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Andrej Pirman

    Hi Andrej Pirman 

    Both the site you have Sophos XG Firewall?

    Please share the IPSec VPN policy you have applied on each site?

    What you have set Gateway type where there was power failure? What is the current firmware Sophos XG ?

    Please share the above information with a snapshot 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Bharat J

    No, this 3 locations have Draytek 2926 on site 1 and 3, while location 2 has XGS-136:

    • VPN from 2 to 1 works fine.... except once every 2 months does not reconnect after some failure.
    • VPN from 2 to 3 works OR does not work, depending. One week works, another week does not connect at all despite of numerous manual retries and reboots. The day later it connects just fine.
    • IPSec Policy is THE SAME for both VPN connections
    • Gateway tape is "Initiate Connection" on both VPN connections
    • Also VPN parameters on both Drayteks are exactly the same, same PSK also

  • 0 in reply to Andrej Pirman

    Hi Andrej Pirman

    Suspecting issue with IPSec VPN Policy at Draytek router.

    Can you share the VPN Policy configure at the Draytek router?

    Please check the logs with the below command if IPsec VPN is not getting established 

    console>tcpdump 'host <static public IP of Draytek router> and port 500 

    console>dr  'host <static public IP of Draytek router> and port 500 

    console> show vpn IPSec-logs

    tail -f /log/strongswan.log

    Please refer the link : https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/123740/sophos-xg-firewall-troubleshooting-site-to-site-ipsec-vpn-issues 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?