How to configure inactivity-based disconnect for mobile IPSec VPN clients?



  • Apologies in advance if this topic is covered in the documentation, but I could not find it clearly described.

    I have a pfSense (version 2.3.3-RELEASE) with IPSec configurations for site-to-site between offices and mobile clients, for remote users to connect.  All tunnels are working correctly.

    What I would like to be able to do is force an idle / inactivity timeout for the mobile clients.  For example, disconnect after 15 minutes of inactivity.  I'd like to do this in a way that does not affect the connection characteristics of the site-site tunnels.  I could not find a place in the pfSense console where this timeout could be set.

    All guidance is welcome.  Thanks in advance.

    Neil.



  • It's not possible, because you probably use DPD to keep the tunnel up when the other side is not sending data. Because of NAT, or just to check that it still works. If you don't use DPD, I would strongly recommend using it.

    On the off chance you don't use DPD etc., every SA has a timer for last data received. You could use that, but you would still need to write a script yourself to drop the connection on X. There is no way to do that in the GUI, or I totally misunderstood you :P
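
The script approach mentioned in the reply above, as an added example that is not part of the original thread: it reads strongSwan `ipsec statusall` output and lists the CHILD_SAs of one connection whose last inbound packet is older than a threshold (900 seconds for the 15 minutes asked about). The connection names `con1` and `con1000`, the sample output, and the assumption that traffic lines look like the constructed sample are all illustrative.

```shell
#!/bin/sh
# Added example: list CHILD_SAs of one connection with no inbound data for N seconds.
# Assumes "ipsec statusall" traffic lines shaped like the constructed sample below.

# Constructed sample output; names, addresses and counters are made up.
sample_statusall() {
cat <<'EOF'
Security Associations (3 up, 0 connecting):
        con1[7]: ESTABLISHED 40 minutes ago, 203.0.113.1[fw]...198.51.100.23[alice]
        con1{12}:  INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: c1111111_i c2222222_o
        con1{12}:  AES_CBC_256/HMAC_SHA1_96, 52340 bytes_i (410 pkts, 1032s ago), 88120 bytes_o (395 pkts, 3s ago), rekeying in 12 minutes
        con1[8]: ESTABLISHED 5 minutes ago, 203.0.113.1[fw]...198.51.100.77[bob]
        con1{13}:  AES_CBC_256/HMAC_SHA1_96, 9120 bytes_i (60 pkts, 12s ago), 7040 bytes_o (55 pkts, 12s ago), rekeying in 41 minutes
        con1{14}:  AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 840 bytes_o (10 pkts, 2000s ago), rekeying in 44 minutes
        con1000{4}:  AES_CBC_256/HMAC_SHA1_96, 100 bytes_i (2 pkts, 5000s ago), 100 bytes_o (2 pkts, 5000s ago), rekeying in 9 minutes
EOF
}

# idle_child_sas SECONDS CONN: read statusall text on stdin and print "CONN{id}"
# for every CHILD_SA of CONN whose last inbound packet is at least SECONDS old.
idle_child_sas() {
    awk -v limit="$1" -v conn="$2" '
    /bytes_i/ {
        sa = $1; sub(/:$/, "", sa)
        # Exact connection match: "con1{12}" yes, "con1000{4}" no,
        # so site-to-site tunnels under other names are never selected.
        if (index(sa, conn "{") != 1) next
        # Inbound counter only; an SA that never received data has no timestamp.
        if (!match($0, /bytes_i \([^)]*s ago\)/)) next
        inbound = substr($0, RSTART, RLENGTH)
        match(inbound, /[0-9]+s ago/)
        if (substr(inbound, RSTART, RLENGTH) + 0 >= limit) print sa
    }'
}

# Dry run on the sample. On a live system the input would be `ipsec statusall`,
# and each printed SA could then be closed with: ipsec down 'con1{12}'
sample_statusall | idle_child_sas 900 con1
```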



  • Thank you for your reply.

    For site-site VPNs, I definitely see the value of DPD.  Disabling DPD for client-site VPNs is an interesting thought, but that alone doesn't sound like it will address what I am hoping to achieve through GUI configuration only.

