Automatically ping host (IPSEC) Don't work

martinc_77 · Jul 18, 2006, 7:41 PM

Dear hoba,
i stablish one VPN and run fine but this is set as movile client in 1 extreme.
If the other extreme ping movile cliente all run fine, but later vpn is down.
I ping from my pfsense-lan-interfase the other extreme and again is up, but if set the automatically ping host don't work

help me please

hoba · Jul 21, 2006, 3:00 AM

I have some devices out that use that option to always establish the tunnel from the dynamic end towards the static end after IP change and to keep the tunnel up. What IP did you enter as keepalive IP?

martinc_77 · Jul 22, 2006, 5:21 PM

Use the IP deprived of firewall static and also it tries with the IP of a server located behind he himself firewall to which I arrive without problems.

hoba · Jul 22, 2006, 5:45 PM

Please tell me your tunneldefinitions (subnets on each side of the tunnel), the IP you enter as keepalive IP and which interfaces the subnets live on (LAN, OPTx).

martinc_77 · Jul 22, 2006, 7:24 PM

my configuration is the next:

(192.168.0.1/32) (192.168.105.1/32)
LAN SUBNET –------------------ PFSENSE --------------- INET ------------------------ PFSENSE2-------------LAN SUBNET 2 (STATIC IP)
(192.168.0.0/24) (192.168.105.0/24)

if i ping from LANSUBNET to LANSUBNET2 have reply, include from pfsense1 diagnostics ping to pfsense2(192.168.105.1)
but if i set automatically ping from pfsense1 to pfsense2 (192.168.105.1) this don't work and vpn down after some time.

help me hoba, so far I maintain a server(192.168.0.20) doing ping towards pfsense2 but it does not seem to me the ideal

hoba · Jul 22, 2006, 7:26 PM

Why are your subnetmasks at both pfSense /32?

martinc_77 · Jul 22, 2006, 7:29 PM

I Use FOR VPN WAN Interfase in both pfsense.
In pfsense 1 have load-balancer with opt-wan.
PFSENSE 2 if movile client

martinc_77 · Jul 22, 2006, 7:33 PM

no, it mistakes, to me it chewed it is 24 in both subnet. gateways is 192.168.0.1 and 192.168.105.1 respectively

hoba · Jul 22, 2006, 7:49 PM

Do I get this right? if you ping the keepalive IP from the loadbalanced pfSense from the webgui using interface LAN the tunnel comes up and the other end responds or not? Or only if you ing from a client behind the pfSense?

martinc_77 · Jul 22, 2006, 8:07 PM

the other end response in both case. only don't work and vpn down if i only set automatically ping host and stop the others pings.
is more, i run "tcpdump -v -i fxp0 dst 192.168.105.1 and icmp" from my pfsense1. fxp0 is the lan interfase, and no packets exit from my pfsense if only set automatically ping host, but if i go to the diagnostic-ping and write the same ip set in automatically ping host, now packets exit from my pfsense and tunnel is up again.

:(

i don't understand whatts happend dear hoba

hoba · Jul 22, 2006, 8:35 PM

I'll try to test this option soon with the latest build.