Hi,
I have installed site-to-site IPsec using strongSwan and FortiGate.
My site-to-site phase 2 connection is dropping sometimes.
When I restart the connection it continues.
Code:
swanctl --terminate --ike site1
swanctl --initiate --ike site1
Also, my clients are trying to resolve DNS over IPsec from 192.168.2.222, and tcpdump shows "udp port x unreachable".
What can cause this? Is this related to an incorrect MTU?
Code:
tcpdump -i enc0 icmp
13:46:50.526032 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.1 > 192.168.2.222: ICMP echo request, id 15410, seq 0, length 64
13:46:50.561997 (authentic,confidential): SPI 0xc5bdb520: IP 192.168.2.222 > 192.168.70.1: ICMP echo reply, id 15410, seq 0, length 64
13:46:51.527385 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.1 > 192.168.2.222: ICMP echo request, id 15410, seq 1, length 64
13:46:51.563165 (authentic,confidential): SPI 0xc5bdb520: IP 192.168.2.222 > 192.168.70.1: ICMP echo reply, id 15410, seq 1, length 64
13:46:52.575171 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.182 > 192.168.2.237: ICMP 192.168.70.182 udp port 59920 unreachable, length 194
13:46:52.596826 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.182 > 192.168.2.222: ICMP 192.168.70.182 udp port 59923 unreachable, length 170
13:46:52.884889 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.161 > 192.168.2.222: ICMP 192.168.70.161 udp port 57708 unreachable, length 186
13:46:53.467817 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.161 > 192.168.2.222: ICMP 192.168.70.161 udp port 60042 unreachable, length 213