
XG Tunnel Interface Gateway off - until a VPN service restart

I have 2 XG 18.3, each with 2 ISP links with static WAN IP.

There is a VPN tunnel - with tunnel interface mode - between both sites, on both ISP links.

Also, an interface gateway is created per xfrm interface, with unique IPs for each interface, in the 10.0.0.0 range.

Routing between sites is handled by SD-WAN policy routes. It more or less works well.

Sometimes, the interface gateway will show as down, even though the VPN tunnel shows as up.

The only way I can bring it online is by restarting the VPN service in the console.

I had verified the system-generated packet and reply-packet are enabled, same with ping visible on the VPN zone.

Where can I get logs on this?



This thread was automatically locked due to age.
  • You should see the IPsec logs in the strongswan log.

    We have had this problem on multiple sites for a long time, not with xfrm interface, we use the classic site-2-site link. It also happens with a single WAN link.

    The only way to fix it was to restart the tunnel on the remote side via Webadmin on the WAN interface.

    Can you describe if your XGS on the remote side is using servers on HQ site as RADIUS or DNS servers?
