Bug - IPsec KeepAlive



  • Hi everyone!
    I'm using this version:

    1.3-ALPHA-ALPHA
    built on Mon Oct 6 20:23:59 EDT 2008
    FreeBSD 7.0-RELEASE-p5

    Setting IP address in IPsec tunnel appears to not ping host.

    From looking around, the only thing I can figure out is that this is attempting to ping from the WAN interface. If this is the case, trying to ping my "internal" address to keep my IPsec up won't work, as the WAN interface doesn't know how to get to the internal address.

    Is there a way to set the interface used to ping?
    My current workaround is to set up a cronjob on the pfbox to ping every 10 sec from the internal interface.

    i.e. ping -S ping.from.lan.inf to.int.vpn.ip

    Please let me know if I'm just setting this up wrong!

    Thanks all.

    -Eureka



  • what does /var/db/ipsecpinghosts contain?



  • Hi

    How about you try a more recent build? Many glitches have been addressed in the recent build.

    cheers,



  • Hi,
    I'll upgrade to the latest snapshot asap.
    This is what I found in the file you suggested.

    |ip.to.ping.here|

    e.g.

    (IP address that, if pinged, should initiate the VPN connection.)
    |10.10.8.77|

    -E

    @cmb:

    what does /var/db/ipsecpinghosts contain?



  • Hi All,
    I have not yet had a chance to test this again, but after doing the update I now see this in /var/db/ipsecpinghosts

    |10.10.8.1|3



  • That's the problem, the new IPsec doesn't put the source IP in there and hence it isn't used. Will report to the author of the new IPsec code.
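
A check for the condition described in this reply, as an added example that is not part of the thread or the project's own code. It assumes each line of the file has the form `source|destination|count`, as the posted entries suggest; the second sample line and its address are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed line format, inferred from
# the posts above: source|destination|count

# Print "OK <src> <dst>" or "NOSRC <dst>" for each entry in the file.
# Returns 1 if any entry has an empty source field, otherwise 0.
check_pinghosts() {
    file=$1
    missing=0
    while IFS='|' read -r src dst count || [ -n "$src$dst$count" ]; do
        if [ -z "$src$dst$count" ]; then
            continue                      # blank line
        elif [ -z "$src" ]; then
            echo "NOSRC $dst"             # keepalive has no source address
            missing=1
        else
            echo "OK $src $dst"
        fi
    done < "$file"
    return "$missing"
}

# Constructed sample: the first line is the entry quoted in the thread,
# the second is a made-up entry with a source address filled in.
sample=$(mktemp)
printf '%s\n' '|10.10.8.1|3' '192.0.2.1|10.10.8.1|3' > "$sample"
check_pinghosts "$sample" || echo "at least one entry lacks a source address"
rm -f "$sample"
```

On the firewall itself the function would be pointed at /var/db/ipsecpinghosts instead of the sample file.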



  • Thanks!
    If you want to send me a PM or repost here after any changes are made to this, I would be happy to test it for you!

    -E

    @cmb:

    That's the problem, the new IPsec doesn't put the source IP in there and hence it isn't used. Will report to the author of the new IPsec code.

