Checkpoint VPN

ggts · Feb 8, 2007, 9:40 AM

I am using pfsense 1.0.1 with IPsec passthru enabled in the web gui. I am using checkpoint VPN (VPN-1 secure client R 56 Build no. 619) on my lan clients to connect to remote servers. My connections go through fine, but after a period (typically 15 mins to 1 hour), the VPN client disconnects.

I doubt if this is a Checkpoint client/server problem because if I connect through an alternate (FortiGate) gateway in my network, my connections never drop.

Can someone please help me troubleshoot the problem?

Thanks in advance.

hoba · Feb 18, 2007, 9:26 PM

sounds like some idle timeout. Have a look at the firewallstates for these connections (best viewed at the shell/ssh as you see the timeouts there). Do you see them timing out? If yes try to add some firewallrules for this traffic with higher state timeouts.

ggts · Feb 19, 2007, 7:05 AM

Hoba, thanks for suggestions!

I've already "set optimization conservative" through the webgui. None
of the other connections are dropping.

Further, the VPN connection drops even when there is activity, so I
don't think it's an timeout issue. As you suggest, I will check out
the state table entries when the connection drops and report back.

If you have successfully used a Checkpoint VPN client through a
pfSense gateway, I'd be very happy if you can share your configuration
with me.

Screenshots of my config are posted here.

Thanks!!