I see nearly identical results between two hosts running 4.8-stable. I believe it started after upgrading to 4.8. I see nothing in the logs during the outage. I have two tunnels, inside <-> inside and inside <-> outside. I can see the outage via gaps in Cacti graphs. To help me troubleshoot during the outage, I configured ifstated on the Cacti host (not an IPSEC endpoint) with a ping test to the inside of the remote gateway. This is supposed to alert me when the tunnel has issues. Interestingly, while the Cacti graphs shows gaps, the ifstated ping test has never failed.
-Steve S. > -----Original Message----- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > MG > Sent: Monday, May 02, 2011 3:59 PM > To: misc@openbsd.org > Subject: Re: IPSEC tunnels failing intermittently > ... > > > I am also experiencing random drops that last for approximately 14 > minutes. This is between two OpenBSD 4.8 boxes. Pinging devices > through the IPSec tunnel begins to fail but pinging the external IP > address works fine during the outages. I'm new to tunnels so I'm not > sure how to troubleshoot exactly. I have multiple subnets on both sides > of the f/ws. I was getting cookie errors in /var/log/messages but I > don't see them in my recent logs and my log files have turned over.
