Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC autoconnection - Manual?

    Scheduled Pinned Locked Moved
    IPsec
    2
    3
    68
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • perikoP
      periko
      last edited by

      Hello.

      I setup IPSEC site 2 site between Pfsense CE 2.7.2 vs Pfsense Plus 24.03 shared key.

      Following the instructions from the pfsense bible(Doc).

      My fws are behind my ISP routers, I open the ports on both sides.

      The tunnel is on, but I notice 1 behaviour:

      1. To establish the tunnel I manually need to press connect P1 and P2 on the status ipsec and the tunnel goes live.

      2. fI add on P2 keep alive, the IP of each pfsense IP, this way it connects automatically.

      I was thinking that the tunnel will connected without intervention, like openvpn does.

      This is normal or I miss something?

      Any comment or tip is welcome.

      Thanks in advaced.

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Quieres aprender PfSense, visita mi canal de youtube:
      https://www.youtube.com/c/PedroMorenoBOS

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The default behavior varies by type (policy-based vs route-based/VTI). For policy-based tunnels the tunnel will connect on demand by default, so it will wait for some traffic to try taking the tunnel before the tunnel is established. As you found, keep alive will nudge this to happen sooner.

        Read through these parts of the docs:

        • Configuring IPsec Keep Alive
        • Child SA Start Action
        • Keep Alive

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        perikoP 1 Reply Last reply Reply Quote 1
        • perikoP
          periko @jimp
          last edited by

          @jimp Thanks master, I will.

          Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
          www.bajaopensolutions.com
          https://www.facebook.com/BajaOpenSolutions
          Quieres aprender PfSense, visita mi canal de youtube:
          https://www.youtube.com/c/PedroMorenoBOS

          1 Reply Last reply Reply Quote 0
          • First post
            Last post