Automatically ping host (IPSEC) Don't work

martinc_77

Dear hoba,
                i stablish one VPN and run fine but this is set as movile client in 1 extreme.
                If the other extreme ping movile cliente all run fine, but later vpn is down.
                I ping from my pfsense-lan-interfase the other extreme and again is up, but if set the automatically ping host don't work

help me please

hoba

I have some devices out that use that option to always establish the tunnel from the dynamic end towards the static end after IP change and to keep the tunnel up. What IP did you enter as keepalive IP?

martinc_77

Use the IP deprived of firewall static and also it tries with the IP of a server located behind he himself firewall to which I arrive without problems.

hoba

Please tell me your tunneldefinitions (subnets on each side of the tunnel), the IP you enter as keepalive IP and which interfaces the subnets live on (LAN, OPTx).

martinc_77

my configuration is the next:

(192.168.0.1/32)                                                            (192.168.105.1/32)
LAN SUBNET –------------------ PFSENSE --------------- INET ------------------------ PFSENSE2-------------LAN SUBNET 2 (STATIC IP)
(192.168.0.0/24)                                                                                                        (192.168.105.0/24)

if i ping from LANSUBNET to LANSUBNET2 have reply, include from pfsense1 diagnostics ping to pfsense2(192.168.105.1)
but if i set automatically ping from pfsense1 to pfsense2 (192.168.105.1) this don't work and vpn down after some time.

help me hoba, so far I maintain a server(192.168.0.20) doing ping towards pfsense2 but it does not seem to me the ideal

hoba

Why are your subnetmasks at both pfSense /32?

martinc_77

I Use FOR VPN WAN Interfase in both pfsense.
In pfsense 1 have load-balancer with opt-wan.
PFSENSE 2 if movile client

martinc_77

no, it mistakes, to me it chewed it is 24 in both subnet. gateways is 192.168.0.1 and 192.168.105.1 respectively

hoba

Do I get this right? if you ping the keepalive IP from the loadbalanced pfSense from the webgui using interface LAN  the tunnel comes up and the other end responds or not? Or only if you ing from a client behind the pfSense?

martinc_77

the other end response in both case. only don't work and vpn down if i only set automatically ping host and stop the others pings.
is more, i run "tcpdump -v -i fxp0 dst 192.168.105.1 and icmp" from my pfsense1. fxp0 is the lan interfase, and no packets exit from my pfsense if only set automatically ping host, but if i go to the diagnostic-ping and write the same ip set in automatically ping host, now packets exit from my pfsense and tunnel is up again.

:(

i don't understand whatts happend dear hoba

hoba

I'll try to test this option soon with the latest build.