Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A lot of ipsec tunnels and some little problems.

    Scheduled Pinned Locked Moved
    2.0-RC Snapshot Feedback and Problems - RETIRED
    1
    1
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      capitangiaco
      last edited by

      I am trying 1.3 as multipoint peer for 12 ipsec tunnels (all remote peers are cisco 877k9 routers) :

      11 tunnels have dynamic ip and I am using enable dpd 30 seconds 5 retry in pfsense phase1 config and crypto isakmp keepalive 30 5 periodic in the cisco routers.
      (the other option than periodic is on demand
        on-demand  When using Dead Peer Detection (DPD), send DPD messages only as needed
        periodic  When using Dead Peer Detection (DPD), send periodic DPD messages)

      1 tunnel has fixed ip and I noticed that if (in pfsense side) I set Peer identifier peer ip address the phase1 never end while setting it to ip address 81.123.x.x (that is the remote peer ip) it works. (that ip is the same in the remote gateway )

      Another strange thing is the keepalive that seems not to work.
      Tunnels go up only when I do a ping from the firewall, I lost 1 ping and than I see reply, I can do ping without the -S option because I added a route 192.168/16 to the lan, remote subnets are inside that route.

      any idea to keep the vpns alive ?

      thanks

      Giacomo

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.