Configuring lifebyte parameter

2tt

Hi everybody.

I have the typical problem with a tunnel from a pfSense 1.2.3 to a Cisco Router.

In the Cisco side they have configured a lifetime of 4608000 bytes, but I can not configure this parameter in the originating pfSense. Phase 1 and Phase 2 lifetimes in seconds are correctly configured in both ends.

The result is as expected, the tunnel works for 30-40 minutes until the encripted data reachs 4608000 bytes. In that moment the cisco sends a delete messages and the pfSense ignores it, sending data with the old SA that is discarted in the Cisco side.

Can I manually introduce this lifebyte parameter in my pfSense?

Thanks in advance.

Juan Diego.

2tt

Hi again.

After inspection of racoon.conf definition, I find out that there is not a lifetime in bytes. I suppose this is a compatibility issue with Cisco and other versions of IPsec.

Best regards.

cmb

Yeah, you have to disable lifetimes in bytes or set it so high you'll never reach it in the lifetime in seconds.

2tt

Thanks a lot cmb.

So you can manually introduce lifetime in bytes in pfsense 1.2.3?

I suppose the grammar is like 'lifetime byte 50000 KB;' but I dont know how to introduce it in racoon.conf. Seems like it is an automatically generated file and I cant do it from the http interface.

2tt

Oh, by the way,

I have no access to the Cisco side, as is configured by the technical staff of a customer, and they will not attend me if I ask them to change any parameter of their server.

Im trying to set a value for dpd as low a 2 seconds, so the tunnel is renegotiated as soon as the peer is dead, but it does not seem to work.

Thanks in advance for any sugestion.

Juan Diego.