Netgate Discussion Forum

    Vpn goes down…

      z00te

      same problem here… approx 40 tunnels with other pfsense and smoothwall...
      please let me know if you found a solution...

      tnx
      Z

        heiko

        Hello,
        i agree with HOBA. Set the lifetime on both phases to 3600. For me it works great!!
        Greetings Heiko

          covex

          the only thing i've found so far is this http://securitytracker.com/alerts/2005/Mar/1013433.html. but it looks like it was fixed in 2005

            covex

            @heiko:

            Hello,
            i agree with HOBA. Set the lifetime on both phases to 3600. For me it works great!!
            Greetings Heiko

            hey man, how many tunnels you have? mobile users or static endpoints?

              heiko

              When you have static endpoints between Smoothwall and pfsense, please set both phases to a lifetime of 3600. We tested it and it works with pfsense 1.01 (not releng snapshot). Please test it in Phase 2 with 28800.

              These settings work for pfsense and Smoothwall (ipcop)

              These settings work for me:

              Phase 1 lifetime: 3600 sec.
              Encrypt. Alg. 3DES
              Hash: MD5
              DH Key Group: 2
              Pre Shared Key: xxxx

              Phase 2:
              Protocol: ESP
              Encrypt. Alg. only 3DES
              Hash: only MD5
              PFS Key Group : 2
              Lifetime: 28800 or 3600 , you must try

              On Smoothwall you must set compression to OFF.

              Please try

              Greetings
              heiko

                EmL

                Hi … i think it should work with both lifetimes (eg. 3600/3600 or 86400/28800). What is suggested in official RFCs you can read here http://www.faqs.org/rfcs/rfc4308.html (search for lifetime).

                Do you have a crypto card in your box? I have one and also have problems (especially after ip changes dynamic-static VPN) ... without my crypto card the tunnel stays alive over an ip change ... maybe this can cause your problems?

                  covex

                  i don't have a crypto card in my box and my problem is that the vpn service is going down on the pfsense server completely, not just the keep alive function.
                  i have all static ip's and the remotes are equipped with either linksys befvp41 or netgear fvs318 routers.
                  i'll try to set everything to 3600 today, but i think the only thing that will change is that my server will be going down more often.

                    hoba

                    Are you using main or aggressive mode? I think I once helped out a user in the IRC channel with a vpn to a netgear router and the problem was either main mode or aggressive (don't know the details anymore) but if you are currently using the one maybe try the other option.

                      covex

                      everything is set to main mode. i'll try 3600 tonight. if this won't work i'll move from mobile users setup to ipsec tunnel for each connection, if this won't work either… i guess i'm going to be fired  ;D :(

                        covex

                        …still why is ftp traffic going one way only? everything is by default under "rules".

                          covex

                          ok… looks like "vpn goes down" problem was fixed. the server has been up for more than 24 hours now. but i still can't ftp to remote sites over vpn. pcanywhere (and file transfer) works fine, i can ssh and scp to remote pc's and they can ftp to my office, but i can't ftp to them. does anybody know how to fix this? tnx

                          p.s. this _If you want to connect to a FTP server you need to add this workaround to your LAN tab.

                          Proto   Source    Port   Destination   Port        Gateway
                          TCP     LAN net   *      127.0.0.1     1 - 65535   *

                          Now the packets are forwarded correctly and you can connect to an FTP server._ is not helping.

                          ok… ftp problem was fixed too  8) as they say "if nothing works read the manual"  ;D ::)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.