IPSec tunnel endpoint with dynamic IP kills connection
-
Hi,
I use IPsec from pfSense at my office with a static IP to a Cisco RV042 that has a dynamic IP (dyndns).
Every time the RV042 changes its IP (i.e. 24h disconnect) the pfSense does a filter reload and kills all connections.
It is not so bad at the moment, but if I have like 20 RV042s the connection will be down pretty often. Is there a way around that?
I already use the mobile clients feature for VPN with some iPhone users, whom I provide a virtual IP.
I want a different type of security for the site-to-site with the RV042 tho.
Is it not possible to set up multiple mobile clients? Or should I just add phase 2 entries to the mobile clients? They would get virtual IPs, right?
Apr 13 11:07:16 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Apr 13 11:07:16 php: : Reloading IPsec tunnel 'TUNNEL X'. Previous IP 'x', current IP 'x'. Reloading policy
Apr 13 11:07:17 check_reload_status: Reloading filter
-
Filter reloads do not kill any connections under normal circumstances. If your gateway monitoring is broken, you'll kill states on filter reload. If that's the case either fix your gateway monitoring by putting in an IP that responds, or disable state killing on a down gateway under System>Advanced.
You can't set up multiple mobile client configurations. Site to site is completely separate from that though, you have one entry for each for site to site.
-
You were right, I feel kinda dumb now.
I plugged one of the WAN uplinks into my RV042 to test this and yes of course the Gateway monitoring is down. Thanks!