# IPSec: ICMP 192.168.70.x udp port 62962 unreachable, length 143



## alfa (Dec 26, 2022)

Hi,
i have installed site to site IPSec using Stronswan and fortigate

My site to site phase 2 connection is dropping sometimes
When i restart connection it continues


```
swanctl --terminate --ike site1
swanctl --initiate --ike site1
```

and my clients trying to solve dns over ipsec from 192.168.2.222 tcpdump shows "udp port  x unreachable" 
what can cause to this . Is this related with incorrect MTU?


```
tcpdump -i enc0 icmp

13:46:50.526032 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.1 > 192.168.2.222: ICMP echo request, id 15410, seq 0, length 64
13:46:50.561997 (authentic,confidential): SPI 0xc5bdb520: IP 192.168.2.222 > 192.168.70.1: ICMP echo reply, id 15410, seq 0, length 64
13:46:51.527385 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.1 > 192.168.2.222: ICMP echo request, id 15410, seq 1, length 64
13:46:51.563165 (authentic,confidential): SPI 0xc5bdb520: IP 192.168.2.222 > 192.168.70.1: ICMP echo reply, id 15410, seq 1, length 64
13:46:52.575171 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.182 > 192.168.2.237: ICMP 192.168.70.182 udp port 59920 unreachable, length 194
13:46:52.596826 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.182 > 192.168.2.222: ICMP 192.168.70.182 udp port 59923 unreachable, length 170
13:46:52.884889 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.161 > 192.168.2.222: ICMP 192.168.70.161 udp port 57708 unreachable, length 186
13:46:53.467817 (authentic,confidential): SPI 0xf12c077e: IP 192.168.70.161 > 192.168.2.222: ICMP 192.168.70.161 udp port 60042 unreachable, length 213
```


----------

