VPN Disconnects Until Manual Reset

The VPN continuously drops out. Below is an investigation of the logs from our UDM-Pro.

💡 The VPN appears to drop out with no warning. The message below repeats itself until the VPN is manually restarted:

Feb 13 10:18:41 UDM-PRO authpriv.info charon: 06[IKE] establishing CHILD_SA 0000_0000_0000_0000{0000} reqid 10
Feb 13 10:18:41 UDM-PRO daemon.info charon: 06[IKE] establishing CHILD_SA 0000_0000_0000_0000{0000} reqid 10
Feb 13 10:18:41 UDM-PRO daemon.info charon: 06[ENC] generating CREATE_CHILD_SA request 864 [ N(REKEY_SA) SA No TSi TSr ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 16[ENC] parsed CREATE_CHILD_SA response 864 [ SA No TSi TSr ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 16[ENC] generating INFORMATIONAL request 865 [ D ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 12[ENC] parsed INFORMATIONAL response 865 [ D ]

This log is from the site-to-site VPN between the UDM-Pro and a Fortinet firewall. The CHILD_SA (child security association) is not the encryption protocol itself; it is the IPsec security association, negotiated under the IKE_SA, that actually carries the tunnel traffic. The repeating block is one CHILD_SA rekey round: "establishing CHILD_SA ... reqid 10" starts it, the CREATE_CHILD_SA request carrying the N(REKEY_SA) notify proposes a replacement SA, the peer's response ([ SA No TSi TSr ]) accepts it, and the INFORMATIONAL exchange with a D (Delete) payload tears down the old SA. At the protocol level each round therefore completes, yet the tunnel stops passing traffic and the same sequence keeps recurring until the VPN is restarted by hand. That is consistent with the re-authentication interoperability problem tracked in the strongSwan issue listed under Resources, rather than with a negotiation that is simply failing.

UniFi's IPsec site-to-site VPN runs on strongSwan (charon is its IKE daemon, which is why every log line above carries that name), so strongSwan's documentation and issue tracker are the place to research these messages further.
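To make the pattern above easier to spot in a longer log, here is a small parser, added for this note and not code from the page, from UniFi or from strongSwan. It reads charon syslog lines in the format shown above, groups each CHILD_SA rekey round (the CREATE_CHILD_SA request with N(REKEY_SA), the peer's response, and the INFORMATIONAL delete) and reports whether the peer is rejecting the rekey or accepting it and then renegotiating again shortly afterwards. The sample input is constructed: the six lines from the page plus a second identical round a minute later, and a separate two-line case where the peer rejects the proposal. The 300-second loop threshold is an assumed value, not a device setting.

```python
"""Summarise charon (strongSwan) CHILD_SA rekey activity from UDM syslog lines.

Added example for this note, not code from the page or from UniFi/strongSwan.
Assumes the default charon log format seen above:
  "<Mon DD HH:MM:SS> <host> <facility.level> charon: NN[SUBSYS] <message>"
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<fac>\S+) charon: "
    r"(?P<thread>\d+)\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$"
)
# e.g. "generating CREATE_CHILD_SA request 864 [ N(REKEY_SA) SA No TSi TSr ]"
EXCH_RE = re.compile(
    r"^(?P<dir>generating|parsed) (?P<exch>[A-Z_]+) (?P<kind>request|response) "
    r"(?P<mid>\d+) \[ (?P<payloads>.*?) \]$"
)
ESTAB_RE = re.compile(r"^establishing CHILD_SA (?P<name>\S+) reqid (?P<reqid>\d+)$")

# Constructed sample: the six lines from the page plus a second, identical
# rekey round one minute later, which is what "the message repeats" looks like.
SAMPLE = """\
Feb 13 10:18:41 UDM-PRO authpriv.info charon: 06[IKE] establishing CHILD_SA 0000_0000_0000_0000{0000} reqid 10
Feb 13 10:18:41 UDM-PRO daemon.info charon: 06[IKE] establishing CHILD_SA 0000_0000_0000_0000{0000} reqid 10
Feb 13 10:18:41 UDM-PRO daemon.info charon: 06[ENC] generating CREATE_CHILD_SA request 864 [ N(REKEY_SA) SA No TSi TSr ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 16[ENC] parsed CREATE_CHILD_SA response 864 [ SA No TSi TSr ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 16[ENC] generating INFORMATIONAL request 865 [ D ]
Feb 13 10:18:41 UDM-PRO daemon.info charon: 12[ENC] parsed INFORMATIONAL response 865 [ D ]
Feb 13 10:19:41 UDM-PRO daemon.info charon: 06[IKE] establishing CHILD_SA 0000_0000_0000_0000{0000} reqid 10
Feb 13 10:19:41 UDM-PRO daemon.info charon: 06[ENC] generating CREATE_CHILD_SA request 866 [ N(REKEY_SA) SA No TSi TSr ]
Feb 13 10:19:41 UDM-PRO daemon.info charon: 16[ENC] parsed CREATE_CHILD_SA response 866 [ SA No TSi TSr ]
Feb 13 10:19:41 UDM-PRO daemon.info charon: 16[ENC] generating INFORMATIONAL request 867 [ D ]
Feb 13 10:19:41 UDM-PRO daemon.info charon: 12[ENC] parsed INFORMATIONAL response 867 [ D ]
"""

# Constructed counter-example: the peer rejects the rekey proposal outright.
REJECT_SAMPLE = """\
Feb 13 11:00:00 UDM-PRO daemon.info charon: 06[ENC] generating CREATE_CHILD_SA request 870 [ N(REKEY_SA) SA No TSi TSr ]
Feb 13 11:00:00 UDM-PRO daemon.info charon: 16[ENC] parsed CREATE_CHILD_SA response 870 [ N(NO_PROP) ]
"""


def parse_line(line):
    """Return a dict for one charon log line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; strptime's 1900 default is fine for deltas
    rec["time"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %H:%M:%S")
    e = EXCH_RE.match(rec["msg"])
    if e:
        rec.update(e.groupdict())
        rec["payloads"] = rec["payloads"].split()
    s = ESTAB_RE.match(rec["msg"])
    if s:
        rec.update(s.groupdict())
    return rec


def analyse(text, loop_threshold_s=300):
    """Count rekey rounds and decide whether they look like a loop.

    loop_threshold_s is an assumed cut-off: a site-to-site CHILD_SA being
    renegotiated more often than this is treated as abnormal.
    """
    records = [r for r in map(parse_line, text.splitlines()) if r]
    rekey_req = {}                   # message id -> CREATE_CHILD_SA with N(REKEY_SA)
    accepted = rejected = deletes = 0
    estab_times = defaultdict(list)  # reqid -> times of "establishing CHILD_SA"
    for r in records:
        if "reqid" in r:
            times = estab_times[r["reqid"]]
            # the same event is logged to two facilities (authpriv and daemon)
            if not times or times[-1] != r["time"]:
                times.append(r["time"])
        if "exch" not in r:
            continue
        is_ccsa = r["exch"] == "CREATE_CHILD_SA"
        if is_ccsa and r["kind"] == "request" and "N(REKEY_SA)" in r["payloads"]:
            rekey_req[r["mid"]] = r
        elif is_ccsa and r["kind"] == "response" and r["mid"] in rekey_req:
            if "SA" in r["payloads"]:
                accepted += 1        # peer returned a proposal: rekey agreed
            else:
                rejected += 1        # only a notify, e.g. N(NO_PROP) or N(TS_UNACCEPT)
        elif r["exch"] == "INFORMATIONAL" and r["kind"] == "request" and r["payloads"] == ["D"]:
            deletes += 1             # old CHILD_SA torn down after the rekey
    intervals = [(b - a).total_seconds()
                 for times in estab_times.values() for a, b in zip(times, times[1:])]
    summary = {
        "rekeys_requested": len(rekey_req),
        "rekeys_accepted": accepted,
        "rekeys_rejected": rejected,
        "old_sa_deletes": deletes,
        "rekey_intervals_s": intervals,
    }
    if rejected:
        summary["verdict"] = "peer rejected CHILD_SA rekey proposals"
    elif intervals and min(intervals) < loop_threshold_s:
        summary["verdict"] = "rekey loop: peer accepts each rekey yet the SA is renegotiated again shortly after"
    elif rekey_req:
        summary["verdict"] = "normal rekeying"
    else:
        summary["verdict"] = "no CHILD_SA rekeys seen"
    return summary


if __name__ == "__main__":
    for label, text in (("page sample", SAMPLE), ("rejection sample", REJECT_SAMPLE)):
        print(label, analyse(text))
```

Pipe the charon lines from the UDM's syslog into a file and call analyse() on its contents. A "rekey loop" verdict means both ends agree on the new SA every time, so the fault is in how one side handles the switch-over or re-authentication, which is exactly where the strongSwan issue under Resources points; a "rejected" verdict instead means the proposals or traffic selectors do not match and the phase 2 settings on the two firewalls need comparing.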

Success

This was a compatibility issue between FortiGate and UniFi. It was resolved by replacing the UniFi equipment with a FortiGate.

Resources

Issue #1216: Re-authentication breaks ipsec tunnel - strongSwan