On 2011-05-03, Steven Surdock <ssurd...@engineered-net.com> wrote:
> I see nearly identical results between two hosts running 4.8-stable. I
> believe it started after upgrading to 4.8. I see nothing in the logs
> during the outage. I have two tunnels, inside <-> inside and inside <->
> outside. I can see the outage via gaps in Cacti graphs. To help me
> troubleshoot during the outage, I configured ifstated on the Cacti host
> (not an IPSEC endpoint) with a ping test to the inside of the remote
> gateway. This is supposed to alert me when the tunnel has issues.
> Interestingly, while the Cacti graphs show gaps, the ifstated ping test
> has never failed.

Hmm, interesting. The ifstated pings will create separate PF states and the normal traffic might well be long-lived states... But in my case I do see the problem with new states.