Netgate Discussion Forum

    pfSense IPsec keepalive

    ctisdall

      Can someone tell me what the text below means? Specifically, I want to know what "the firewall must have an IP address assigned inside the Local Network" means. I am not super strong with pfSense config, so should I be adding the remote network IP that I have set to ping in Phase 2 to the rules somewhere within the firewall?

      Configuring IPsec Keep Alive
      Any IP address within the Remote Network of this phase 2 definition may be used. It does not have to reply or even exist, simply triggering traffic destined to that network periodically will keep the IPsec connection up and running.

      For this feature to work, the firewall must have an IP address assigned inside the Local Network. Otherwise it cannot generate the necessary traffic to bring up the tunnel.

      Derelict (LAYER 8, Netgate)

        It means that you cannot initiate pings from a source address that is not on the firewall itself.

        For instance, if you have a Phase 2 tunnel between a local network that is behind another router on your side and a network on the remote side, the firewall itself cannot generate an interesting ping to bring up a tunnel because it cannot ping sourced from an address that is not on the firewall.

        In that case you would have to generate a keepalive ping from the network interesting to IPsec.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
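The condition from the docs quoted above (does the firewall hold an address inside the Phase 2 local network?) and the workaround from the answer (send the keepalive from a host inside that network instead) as an added shell example. This is not code from the pfSense project or from either poster; the addresses, the function names and the `ping` invocation are constructed for illustration, and the keepalive loop is a plain cron/shell-style substitute for the built-in option, to be run on a LAN host, not on the firewall.

```shell
#!/bin/sh
# Added example (not pfSense code). Decides whether the firewall can source the
# Phase 2 keepalive itself, and shows the host-side alternative otherwise.

# ip_to_int 192.168.1.10 -> 3232235786 (dotted quad as an unsigned integer)
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# addr_in_cidr IP CIDR -> success (0) when IP lies inside CIDR
addr_in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# keepalive_source "ADDR ADDR ..." LOCAL_CIDR
# Prints the first firewall address inside the Phase 2 local network, which is
# the address the firewall would ping from. Prints nothing and fails when the
# local network is behind another router, i.e. the case described in the reply.
keepalive_source() {
    for a in $1; do
        if addr_in_cidr "$a" "$2"; then
            echo "$a"
            return 0
        fi
    done
    return 1
}

# keepalive_loop REMOTE_IP INTERVAL_SECONDS
# Runs on a host inside the local network. The reply need not succeed; the
# traffic only has to match the Phase 2 selector to keep the tunnel up.
keepalive_loop() {
    while :; do
        ping -c 1 "$1" >/dev/null 2>&1 || :
        sleep "$2"
    done
}

# Constructed sample: firewall with a WAN and a LAN address, and two Phase 2
# local networks, one directly on the firewall and one behind a second router.
FW_ADDRS="203.0.113.2 192.168.1.1"

for p2_local in 192.168.1.0/24 10.10.0.0/24; do
    if src=$(keepalive_source "$FW_ADDRS" "$p2_local"); then
        echo "$p2_local: firewall can send keepalive from $src"
    else
        echo "$p2_local: no firewall address in local network;" \
             "run keepalive_loop <remote-ip> 60 on a host in $p2_local"
    fi
done
```

The loop is deliberately left uncalled at top level; start it from a host on the 10.10.0.0/24 side (for example `keepalive_loop 10.20.0.1 60`) so the interesting traffic enters the firewall from the network the Phase 2 entry actually covers.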
