Keep Alive : Netopia requires remote network address



  • Hello,

    I used to setup IPSec between Netopia routers and pfSense boxes…

    Well, all is working perfectly but something is curious :

    for the keep alive part, i've searching many times without finding the same answer about which host to ping for the keep alive...

    Someones advice remote lan address, others advice remote gateway...

    Finally, i decided to always ping a remote lan address....

    But, for tests purposes, i decided to try to ping the remote gateway.

    And i had a quick answer : Netopia refuses it !

    As soon as i type an address from the remote subnet, Netopia accepts it.

    So, what do you people think of it ?

    Thank you,

    Sincerely,



  • I always set up the remote address as the remote gateway device. I'm not using any netopia but as far as I know they act about the same. It just sends traffic along to that address to keep the tunnel alive in case there is no other traffic being passed.

    When you put in the remote gateway address did you put in the LAN address or the remote WAN address? If I was connecting 192.168.1.1/24 -> 192.168.2.1/24 I would set 192.168.2.1 to ping 192.168.1.1.



  • @focalguy:

    I always set up the remote address as the remote gateway device. I'm not using any netopia but as far as I know they act about the same. It just sends traffic along to that address to keep the tunnel alive in case there is no other traffic being passed.

    When you put in the remote gateway address did you put in the LAN address or the remote WAN address? If I was connecting 192.168.1.1/24 -> 192.168.2.1/24 I would set 192.168.2.1 to ping 192.168.1.1.

    Oops, small misunderstood :

    I already do as you say, but i was referring to put the remote WAN address, so :

    192.168.2.1 to pinf WAN address of 192.168.1.1

    I'm asking it because i read some tutorial that advice to do this instead of the classic "192.168.1.1 / 192.168.2.1"

    But, if you say me that you do the same, with success, i'll continue doing as always  ;D

    By the way, another question related :

    I never setup keep alive on pfsense vpn setup, but only on remote routers that connect to it (well, my sentence is wrong about ipsec establishment between sites, but you understand what i mean). To be more accurate : i specify on remote site, to ping lan ip of pfSense (i think it doesn't need to be an internal remote address (e.g. : another server), does it ?).

    Do you people setup mutual keep alive ?

    Thank you,

    Sincerely,


Log in to reply