Hi list.
There is an IPsec site-to-site configuration between five endpoints over the Internet.
IPsec is configured with manual flows and manual SAs.
All has been working smoothly for years.

Except for one new route/tunnel that looks like it is working fine, i.e. it delivers traffic
between local nets (A and B) that are behind firewalls (gwA and gwB).
But suddenly it may happen that traffic from net A isn't going to net B.
After a while it resumes working.

The output of "ipsecctl -sa" always reports that FLOWS and SADs
exist for the problematic route/tunnel.
pf.conf allows the ESP protocol on the external interface on both gateways in both directions. pf.conf allows traffic on both gateways from the opposite network to the local network. If there were mistakes in ipsec.conf or pf.conf, I think it wouldn't work at all.

Any thoughts on how to deal with that?
Would it be helpful to provide extra information, configs, etc.?
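An added example, not from the poster: a small POSIX sh helper for the situation described above. `check_tunnel` reads `ipsecctl -sa` output and confirms that the tunnel between two nets has both flow directions and both SAs, printing whatever is missing; `counter_delta` diffs two snapshots of "count label" lines, the shape of `netstat -s -p esp`, so that an intermittent stall can be correlated with a counter that jumped (replay, authentication or no-SA drops) while the flows and SAs still look present. The nets, gateway addresses and SPIs are constructed placeholders, and the sample output below is constructed in the documented `ipsecctl -sa` layout rather than captured from a real host.

```shell
#!/bin/sh
# Added example (not the original poster's code). Assumed/constructed values:
# nets 10.0.1.0/24 and 10.0.2.0/24, gateways 203.0.113.1 and 203.0.113.2.

# check_tunnel LOCALNET REMOTENET LOCALGW REMOTEGW  < output-of-ipsecctl-sa
# Returns 0 only when both flows (in/out) and both SAs (one per direction)
# are present; prints each missing piece so the stalled direction is obvious.
check_tunnel() {
    lnet=$1; rnet=$2; lgw=$3; rgw=$4
    out=$(cat)
    rc=0
    echo "$out" | grep -q "^flow esp out from $lnet to $rnet peer $rgw" \
        || { echo "missing outbound flow $lnet -> $rnet"; rc=1; }
    echo "$out" | grep -q "^flow esp in from $rnet to $lnet peer $rgw" \
        || { echo "missing inbound flow $rnet -> $lnet"; rc=1; }
    echo "$out" | grep -q "^esp tunnel from $lgw to $rgw spi" \
        || { echo "missing outbound SA $lgw -> $rgw"; rc=1; }
    echo "$out" | grep -q "^esp tunnel from $rgw to $lgw spi" \
        || { echo "missing inbound SA $rgw -> $lgw"; rc=1; }
    return $rc
}

# counter_delta BEFORE AFTER
# Both files hold lines of the form "<count> <label>" (as netstat -s -p esp
# prints). Prints "+N label" for every label whose count changed, in the
# order of the AFTER file; labels that did not move are not shown.
counter_delta() {
    awk 'FNR == NR { if ($1 ~ /^[0-9]+$/) { c = $1; $1 = ""; before[$0] = c }; next }
         $1 ~ /^[0-9]+$/ {
             c = $1; $1 = ""
             if (($0 in before) && c != before[$0])
                 printf "%+d %s\n", c - before[$0], substr($0, 2)
         }' "$1" "$2"
}

# Live use on a gateway: ./check.sh LOCALNET REMOTENET LOCALGW REMOTEGW
# Take two netstat -s -p esp snapshots around a stall and feed them to
# counter_delta to see which drop counter moved.
if [ $# -eq 4 ] && command -v ipsecctl >/dev/null 2>&1; then
    ipsecctl -sa | check_tunnel "$@"
fi
```

A flow and SA pair that is present but idle does not prove packets are being accepted; comparing the ESP counters across the outage window is the quickest way to tell a pf or routing problem (no ESP input at all) from an SA-level reject (authentication or replay counters climbing) without changing anything on the gateways.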