Dear all,
I recently started as an IT manager and “inherited” 1 severe issue where packets over VPN are dropped.
I’ve already viewed many of the Lawrence Systems pfSense videos on YT, but I’m stuck on this one.
I really hope somebody can point me in the right direction.
Overview of the setup/issue:
- 1 main office (IP range 192.168.9.x), equipped with Netgate 7100 FW running pfSense v23.09.1.
- 6 branch offices (IP range 192.168.1.x, 192.168.2.x, etc…), equipped with a variety of smaller pfSense FWs - some Netgate, some pfSense running on a PC - connecting to main office via IPSEC VPN.
- ±20 home workers, connecting via Mobile IPSEC VPN.
Main office is running main application to which all co-workers connect.
On a daily basis, co-workers are losing their connectivity towards main office multiple times.
Results of the investigation so far (taking Wireshark captures of continuous ping requests from branch offices to servers running in main office):
- All Ping Requests from branch offices arrive at Main office immediately (visible both on VPN interface and on LAN interface of main office). No issue here.
- Ping Requests are sent to appropriate servers via LAN interface & Ping Response from internal servers is visible on LAN interface of main FW within milliseconds. Also no issue here.
- However the response from the internal servers cannot be found on the VPN interface of the main FW. Seems like the responses are “dropped” on the FW and never sent over the WAN interface.
- When the issue occurs, all VPN connections are affected simultaneously. Issue normally lasts for 2 to 5 minutes after which it auto-restores.
- Ping Requests from branch offices to LAN IP of the main office FW itself (192.168.9.202) are not being dropped!
- Ping requests towards the WAN IP(s) of main office are not impacted.
- Not sure but:
Seems like VPN service restart (briefly) resolves the issues.
During holiday period (last 3 weeks), it stopped occurring, so I’m thinking it might be load-related, however 26 VPNs should not be an issue I think?
In both the System log and the IPSEC log, I don’t see any particular errors at those timestamps (however I’m not a VPN/IPSEC expert).
Any tips/help for further troubleshooting is greatly appreciated.
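One thing that helps when chasing an intermittent drop like the one described above is turning the continuous ping log into exact outage windows (start, end, duration, which icmp_seq numbers went unanswered), so they can be lined up against the System and IPsec log timestamps on the main-office firewall. The script below is an added example, not part of the original post; it assumes the ping was run from a branch-office host with Linux `ping -D` (epoch timestamp in brackets on each reply line), and the sample log it parses is constructed, including a 165-second blackout and one isolated lost packet to show the two being told apart.

```python
"""Turn a continuous `ping -D` log into outage windows for log correlation."""
import re
from datetime import datetime, timezone

# Reply lines as printed by Linux iputils `ping -D`:
# "[epoch.micros] 64 bytes from <host>: icmp_seq=<n> ttl=<t> time=<ms> ms"
# Lines such as "no answer yet for icmp_seq=5" (from `ping -O`) do not match
# and are ignored; the gap is detected from the sequence numbers instead.
REPLY_RE = re.compile(
    r"^\[(?P<ts>\d+\.\d+)\] \d+ bytes from (?P<host>[^:]+): "
    r"icmp_seq=(?P<seq>\d+) ttl=\d+ time=(?P<rtt>[\d.]+) ms$"
)

# Constructed sample: one ping per second to a server in the 192.168.9.x
# range. Replies for icmp_seq 5..169 never came back (a 165-packet
# blackout, shorter than the 2-5 minutes in the post); icmp_seq 172 is a
# single lost packet that should not be reported as an outage.
SAMPLE_PING_LOG = """\
[1704103200.101] 64 bytes from 192.168.9.10: icmp_seq=1 ttl=127 time=12.1 ms
[1704103201.102] 64 bytes from 192.168.9.10: icmp_seq=2 ttl=127 time=11.9 ms
[1704103202.103] 64 bytes from 192.168.9.10: icmp_seq=3 ttl=127 time=12.4 ms
[1704103203.104] 64 bytes from 192.168.9.10: icmp_seq=4 ttl=127 time=12.0 ms
no answer yet for icmp_seq=5
no answer yet for icmp_seq=6
[1704103369.105] 64 bytes from 192.168.9.10: icmp_seq=170 ttl=127 time=12.2 ms
[1704103370.106] 64 bytes from 192.168.9.10: icmp_seq=171 ttl=127 time=12.3 ms
[1704103372.107] 64 bytes from 192.168.9.10: icmp_seq=173 ttl=127 time=12.3 ms
"""


def parse_replies(text):
    """Return (timestamp, icmp_seq, rtt_ms) for every reply line, in file order."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            replies.append((float(m["ts"]), int(m["seq"]), float(m["rtt"])))
    return replies


def find_outages(replies, min_missing=3):
    """Find runs of unanswered sequence numbers between consecutive replies.

    Runs shorter than `min_missing` are treated as ordinary packet loss and
    skipped. Longer runs are reported with the wall-clock window they span
    (last good reply to first restored reply) so that the window can be
    compared with firewall, IPsec and system log entries.
    """
    outages = []
    for (ts_a, seq_a, _), (ts_b, seq_b, _) in zip(replies, replies[1:]):
        missing = seq_b - seq_a - 1
        if missing < min_missing:
            continue
        outages.append({
            "last_good_seq": seq_a,
            "first_restored_seq": seq_b,
            "missing": missing,
            "start": datetime.fromtimestamp(ts_a, tz=timezone.utc),
            "end": datetime.fromtimestamp(ts_b, tz=timezone.utc),
            "duration_s": round(ts_b - ts_a, 3),
        })
    return outages


def format_outages(outages):
    """Render each outage as one line, in UTC, ready to grep logs against."""
    return [
        f"{o['start']:%Y-%m-%d %H:%M:%S}Z -> {o['end']:%Y-%m-%d %H:%M:%S}Z "
        f"({o['duration_s']:.0f} s, {o['missing']} replies missing, "
        f"icmp_seq {o['last_good_seq'] + 1}..{o['first_restored_seq'] - 1})"
        for o in outages
    ]


if __name__ == "__main__":
    for line in format_outages(find_outages(parse_replies(SAMPLE_PING_LOG))):
        print(line)
```

Running the same ping from two branch offices at once and comparing the windows this produces is a quick way to confirm the "all VPNs affected simultaneously" observation with timestamps, and the UTC window is what to search for in the IPsec and system logs (mind the firewall's local time zone when comparing).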