Unifi UDM Pro Max & Azure IPSec Tunnels

jfgreco · July 1, 2025, 11:39pm

Have an interesting one here. I have a UDM Pro Max connecting to Azure over IPSec site to site tunnels. I have three separate tunnels to three different resource groups (production, staging and legacy). All the tunnels are setup the same way using Azure Connections with the default IPSec policy using PSK.

Staging and Legacy seem to be rock solid. However, the production tunnel appears to keep disconnecting and reconnecting.

I see this in the UDM logs:

2025-07-01T18:54:44-04:00 UDM-Pro-Max ubios-udapi-server[1227]: signal-out-notifier: Sending to NET Signal-EVT_VPN-62: EVT_VPN_ClientDisconnected X.X.X.X (via vti64) on /vpn/ipsec/site-to-site/685fdcbd2352556b2ab7ddf4
2025-07-01T18:54:44-04:00 UDM-Pro-Max ubios-udapi-server[1227]: signal-out-notifier: Sending to NET Signal-EVT_VPN-63: EVT_VPN_ClientConnected X.X.X.X (via vti64) on /vpn/ipsec/site-to-site/685fdcbd2352556b2ab7ddf4

All three tunnels are setup exactly the same way in the UDM.

jfgreco · July 1, 2025, 11:45pm

I may have found the issue. I just noticed that the IKE Lifetime was set to 3600 and not 28800. I suspect this is the issue at hand.

pasterms · July 2, 2025, 1:00am

Thanks for sharing the details, super helpful. That shorter IKE lifetime could definitely explain the frequent reconnects on the production tunnel, especially if Azure is expecting the standard 28800. I’ve seen similar issues when lifetimes don’t match up exactly between peers. Curious to hear if adjusting it clears up the disconnects for good.

jfgreco · July 2, 2025, 3:21am

It appears to have been the issue. The tunnel has been up for over 2 hours now.