Netgate Discussion Forum

Ping, from static endpoint to dynamic endpoint, doesn't wake up tunnel…

  • X
    XZed
    last edited by Aug 17, 2009, 10:42 PM

    Hello,

    For the first time, I'm setting up an IPsec VPN between a static endpoint (pfSense) and some dynamic endpoints (Netopia).

    I tried many different settings but kept facing the following problem:

    When setting up a classic ipsec vpn (static to static), from any site, a simple ping wakes up the tunnel.

    But, in this new setting :

    • If I ping, from the static side, a remote IP address (from the dynamic endpoint LAN network): nothing happens

    • If I ping, from the dynamic side, a remote IP address (from the static endpoint LAN network): the tunnel wakes up

    I don't know how to correct this…

    I use "user fqdn" for the dynamic endpoint and "my ip address" for the static endpoint...

    Any idea ?

    Thank you,

    Sincerely,

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Aug 17, 2009, 11:00 PM

      Is this with a regular tunnel, or one set up as a Mobile Tunnel?

      If it's a mobile tunnel, those cannot be woken up by the static side because they have no way to know what the IP address is for the dynamic endpoint.

      If you are using pfSense 1.2.3, you can use dyndns to create a traditional static tunnel when one side has a dynamic IP.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • X
        XZed
        last edited by Aug 18, 2009, 12:00 AM

        As you supposed, it's a mobile tunnel.

        I understand your explanation… it's obvious, but I was trying to find a solution: I need to manage the remote endpoint without waiting for someone there to create traffic in order to wake up the tunnel.

        Thank you very much.

        Sincerely,

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Aug 18, 2009, 12:03 AM

          Then you have two possibilities:

          #1 Enable keep-alive on the far end (set an IP to ping in its tunnel definition) so that their tunnel is always up or trying to connect

          #2 Use dyndns to turn this into a static tunnel and not a mobile tunnel

          • X
            XZed
            last edited by Aug 18, 2009, 1:14 AM

            I always set up keep-alive but, in this case (mobile tunnel), it doesn't help (obviously, I'm pinging from the dynamic side to the static side)…

            But I'm facing a type of problem I already had, and that only depends on "experience feedback":

            Previously, I already had bugs with Netopia/IPsec...

            But, in my actual case, once more, something strange appears:

            Depending on the firmware/shared key length, the VPN tunnel will wake immediately alone... or not...

            :-X ...going to bed lol...

            Thank you,

            Sincerely,
