Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ping, from static endpoint to dynamic endpoint, doesn't wake up tunnel…

    IPsec
    2
    5
    2.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      XZed
      last edited by

      Hello,

      For the first time, i'm setting up ipsec vpn between a static endpoint (pfsense) and some dynamic enpoints (netopia).

      I tried many different settings but kept faced to the following problem :

      When setting up a classic ipsec vpn (static to static), from any site, a simple ping wakes up the tunnel.

      But, in this new setting :

      • if i ping, from  the static side, a remote ip address (from the dynamic endpoint lan network) : nothing happens

      • if i ping, from the dynamic side, a remote ip address (from the static endpoint lan network) : the tunnel wakes up

      i don't know how to correct this…

      I use "user fqdn" for the dynamic endpoint and "my ip address" for the static endpoint...

      Any idea ?

      Thank you,

      Sincerely,

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Is this with a regular tunnel, or one setup as a Mobile Tunnel?

        If it's a mobile tunnel, those cannot be woken up by the static side because they have no way to know what the IP address is for the dynamic endpoint.

        If you are using pfSense 1.2.3, you can use dyndns to create a traditional static tunnel when one side has a dynamic IP.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • X
          XZed
          last edited by

          As you supposed, it's a mobile tunnel.

          I understand your explanation…it's obvious but was trying to find a solution : need to manage remote endpoint without waiting that someone, there, creates traffic in order to wake up the tunnel..

          Thank you very much.

          Sincerely,

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Then you have two possibilities:

            #1 Enable keep-alive on the far end (set an IP to ping in its tunnel definition) so that their tunnel is always up or trying to connect

            #2 Use dyndns to turn this into a static tunnel and not a mobile tunnel

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • X
              XZed
              last edited by

              I always setup keep alive but, in this case (mobile tunnel), it doesn't help (obviously, i'm pinging from dynamic side to static side)…

              But, i'm facing a problem type i already had and that only depends from "experience feedback" :

              previously, i already had bugs with netopia/ipsec...

              But, in my actual case, once more, something strange appears :

              depending on the firmware/shared key lenght : the vpn tunnel will wake immediately alone...or not...

              :-X ...going to bed lol...

              Thank you,

              Sincerely,

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.