Netgate Discussion Forum

    How to configure inactivity based disconnect for mobile IPSec VPN clients?

      nreadshaw

      Apologies in advance if this topic is covered in the documentation, but I could not find it clearly described.

      I have a pfSense (version 2.3.3-RELEASE) with IPSec configurations for site-to-site between offices and mobile clients, for remote users to connect.  All tunnels are working correctly.

      What I would like to be able to do is force an idle / inactivity timeout for the mobile clients.  For example, disconnect after 15 minutes of inactivity.  I'd like to do this in a way that does not affect the connection characteristics of the site-site tunnels.  I could not find a place in the pfSense console where this timeout could be set.

      All guidance is welcome.  Thanks in advance.

      Neil.

        TheSec

        It's not possible, because you probably use DPD to keep the tunnel up when the other side is not sending data, because of NAT or just to check that it still works. If you don't use DPD, I would strongly recommend using it.

        On the off chance you don't use DPD etc., every SA has a timer, last data received. You could use that, but you would still need to write a script yourself to drop the connection on X. There is no way to do that in the GUI, or I totally misunderstood you :P

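The script approach mentioned in the reply above, as an added example that is not part of the thread or of pfSense: it reads each child SA's "last data received" age and lists only the mobile connection's SAs that exceed an idle limit, leaving site-to-site tunnels alone. It assumes strongSwan-style `ipsec statusall` child SA lines; the connection names `con1` and `con2` and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of strongSwan "ipsec statusall" child SA
# lines. Connection names are assumptions: con1 = site-to-site, con2 = mobile.
sample_status() {
cat <<'EOF'
        con1{3}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
        con1{3}:  AES_CBC_256/HMAC_SHA1_96, 900 bytes_i (9 pkts, 5000s ago), 900 bytes_o (9 pkts, 5000s ago), rekeying in 12 minutes
        con2{7}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: c0000003_i c0000004_o
        con2{7}:  AES_CBC_256/HMAC_SHA1_96, 840 bytes_i (10 pkts, 1200s ago), 560 bytes_o (7 pkts, 3s ago), rekeying in 30 minutes
        con2{8}:  AES_CBC_256/HMAC_SHA1_96, 9000 bytes_i (90 pkts, 12s ago), 9000 bytes_o (90 pkts, 12s ago), rekeying in 41 minutes
        con2{9}:  AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 84 bytes_o (1 pkt, 2000s ago), rekeying in 44 minutes
EOF
}

# idle_child_sas CONN LIMIT
# Reads status text on stdin and prints every child SA (name{id}) that belongs
# to connection CONN and whose last inbound packet is older than LIMIT seconds.
idle_child_sas() {
    awk -v conn="$1" -v limit="$2" '
        / bytes_i/ {                              # traffic line of a child SA
            sa = $1; sub(/:$/, "", sa)            # "con2{7}:" -> "con2{7}"
            name = sa; sub(/[{][0-9]+[}]$/, "", name)
            if (name != conn) next                # other tunnels are untouched
            rx = $0                               # keep only the inbound part,
            sub(/^.* bytes_i/, "", rx)            # so the outbound timer is
            sub(/[0-9]+ bytes_o.*$/, "", rx)      # never mistaken for it
            if (!match(rx, /[0-9]+s ago/)) next   # no inbound packet seen yet
            if (substr(rx, RSTART, RLENGTH) + 0 > limit) print sa
        }'
}

# On the firewall the input would come from the daemon (assumed usage):
#   ipsec statusall | idle_child_sas con2 900
# and each printed SA could then be closed with: ipsec down "<sa>"
sample_status | idle_child_sas con2 900   # prints con2{7}
```

An SA that has not yet received any packet has no inbound timer in this output, so the function skips it rather than guessing its age.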
          nreadshaw

          Thank you for your reply.

          For site-site VPNs, I definitely see the value of DPD.  Disabling DPD for client-site VPNs is an interesting thought, but that alone doesn't sound like it will address what I am hoping to achieve through GUI configuration only.
