Ping, from static endpoint to dynamic endpoint, doesn't wake up tunnel…

  • Hello,

    For the first time, i'm setting up ipsec vpn between a static endpoint (pfsense) and some dynamic enpoints (netopia).

    I tried many different settings but kept faced to the following problem :

    When setting up a classic ipsec vpn (static to static), from any site, a simple ping wakes up the tunnel.

    But, in this new setting :

    • if i ping, from  the static side, a remote ip address (from the dynamic endpoint lan network) : nothing happens

    • if i ping, from the dynamic side, a remote ip address (from the static endpoint lan network) : the tunnel wakes up

    i don't know how to correct this…

    I use "user fqdn" for the dynamic endpoint and "my ip address" for the static endpoint...

    Any idea ?

    Thank you,


  • Rebel Alliance Developer Netgate

    Is this with a regular tunnel, or one setup as a Mobile Tunnel?

    If it's a mobile tunnel, those cannot be woken up by the static side because they have no way to know what the IP address is for the dynamic endpoint.

    If you are using pfSense 1.2.3, you can use dyndns to create a traditional static tunnel when one side has a dynamic IP.

  • As you supposed, it's a mobile tunnel.

    I understand your explanation…it's obvious but was trying to find a solution : need to manage remote endpoint without waiting that someone, there, creates traffic in order to wake up the tunnel..

    Thank you very much.


  • Rebel Alliance Developer Netgate

    Then you have two possibilities:

    #1 Enable keep-alive on the far end (set an IP to ping in its tunnel definition) so that their tunnel is always up or trying to connect

    #2 Use dyndns to turn this into a static tunnel and not a mobile tunnel

  • I always setup keep alive but, in this case (mobile tunnel), it doesn't help (obviously, i'm pinging from dynamic side to static side)…

    But, i'm facing a problem type i already had and that only depends from "experience feedback" :

    previously, i already had bugs with netopia/ipsec...

    But, in my actual case, once more, something strange appears :

    depending on the firmware/shared key lenght : the vpn tunnel will wake immediately alone...or not...

    :-X ...going to bed lol...

    Thank you,