Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug - IPsec KeepAlive

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    7 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eureka
      last edited by

      Hi everyone!
      Im using this version:

      1.3-ALPHA-ALPHA
      built on Mon Oct 6 20:23:59 EDT 2008
      FreeBSD 7.0-RELEASE-p5

      Setting IP address in IPsec tunnel appears to not ping host.

      From looking around the only thing i can figure out is that this is attempting to ping from the WAN interface. If this is the case trying to ping my "internal" address to keep my IPsec up wont work as the wan interface doesn't know how to get to the internal address.

      Is there a way to set the interface used to ping?
      My current workaround is to setup a cronjob on the pfbox to ping every 10 sec from the internal interface.

      i.e. ping -S ping.from.lan.inf to.int.vpn.ip

      Please let me know if im just setting this up wrong!

      Thanks all.

      -Eureka

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        what does /var/db/ipsecpinghosts contain?

        1 Reply Last reply Reply Quote 0
        • N
          nocer
          last edited by

          Hi

          How about you try something more recent build? Many glitches have been addressed in the recent build.

          cheers,

          1 Reply Last reply Reply Quote 0
          • E
            eureka
            last edited by

            Hi,
            Ill  upgrade to the latest snapshot asap.
            This is what i found in the file you suggested.

            |ip.to.ping.here|

            e.x.

            (ip address that if pinged should initiate the VPN connection.
            |10.10.8.77|

            -E

            @cmb:

            what does /var/db/ipsecpinghosts contain?

            1 Reply Last reply Reply Quote 0
            • E
              eureka
              last edited by

              Hi All,
              I have not yet had a chance to test this again but after doing to update i now see this in /var/db/ipsecpinghosts

              |10.10.8.1|3

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                That's the problem, the new IPsec doesn't put the source IP in there and hence it isn't used. Will report to the author of the new IPsec code.

                1 Reply Last reply Reply Quote 0
                • E
                  eureka
                  last edited by

                  Thanks!
                  If you want to send me a PM or repost here after any changes are made to this i would be happy to test it for you!

                  -E

                  @cmb:

                  That's the problem, the new IPsec doesn't put the source IP in there and hence it isn't used. Will report to the author of the new IPsec code.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.