Keep Alive : Netopia requires remote network address
-
Hello,
I used to set up IPsec between Netopia routers and pfSense boxes…
Well, all is working perfectly, but something is curious:
for the keep alive part, I've searched many times without finding the same answer about which host to ping for the keep alive...
Some advise the remote LAN address, others advise the remote gateway...
Finally, I decided to always ping a remote LAN address...
But, for testing purposes, I decided to try to ping the remote gateway.
And I had a quick answer: Netopia refuses it!
As soon as I type an address from the remote subnet, Netopia accepts it.
So, what do you people think of it?
Thank you,
Sincerely,
-
I always set up the remote address as the remote gateway device. I'm not using any Netopia but as far as I know they act about the same. It just sends traffic along to that address to keep the tunnel alive in case there is no other traffic being passed.
When you put in the remote gateway address did you put in the LAN address or the remote WAN address? If I was connecting 192.168.1.1/24 -> 192.168.2.1/24 I would set 192.168.2.1 to ping 192.168.1.1.
-
Oops, small misunderstanding:
I already do as you say, but I was referring to putting the remote WAN address, so:
192.168.2.1 to ping the WAN address of 192.168.1.1
I'm asking because I read some tutorial that advises doing this instead of the classic "192.168.1.1 / 192.168.2.1"
But, if you tell me that you do the same, with success, I'll continue doing as always ;D
By the way, another related question:
I never set up keep alive on the pfSense VPN setup, but only on remote routers that connect to it (well, my sentence is wrong about IPsec establishment between sites, but you understand what I mean). To be more accurate: I specify on the remote site to ping the LAN IP of pfSense (I think it doesn't need to be an internal remote address (e.g. another server), does it?).
Do you people set up mutual keep alive?
Thank you,
Sincerely,