Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Racoon: INFO: DPD: remote seems to be dead

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    3 Posts 2 Posters 4.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rlai000
      last edited by

      I change the topic of this thread (http://forum.pfsense.org/index.php/topic,33389.0.html) to make it more related to the problem.

      I already updated to the latest snapshot (2.0-RC1 (i386) built on Wed Mar 16 17:04:38 EDT 2011) and although the problem of FQDN specified on Remote Gateway is fixed, this one still here.

      Not that critical as the problem is only happens when pfSense "respond" new phases negotiation from remote sites.

      If my pfSense "initiate" new phases negotiation, than the VPN links are alright.  And the latest snapshot keep-alive does working in this case that re-establish the links by initiate the negotiation.

      Or if I disabled DPD from the VPN settings, than everything seems alright too.

      But this "DPD remote seems to be dead" bug is still bothering me.

      -Raylund

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It may be an issue with the DPD settings on the remote side, it may not support DPD or it may not be negotiating for it when it initiates.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • R
          rlai000
          last edited by

          Ha!  Jimp, you gave me a clue.

          I find that 4 out of my 11 VPN links that have the problem may due to an option in SonicWall.

          All 4 of them (also for other SonicWall) "Enable IKE Dead Peer Detection" are enabled and with 60/3 setting by default.  But these 4 SonicWall firmware have a sub-option "Enable Dead Peer Detection for Idle vpn sessions" which are not enabled by default.

          Do you know or anybody know this is may be the culprit?

          In SonicWall documentation, it says "Unless your SonicWALL has a lot of remote sites and you’ve been advised to use this function, please do not enable it".  I'm reluctant to enable it as there are a lot of VPN links on these SonicWall; not just me.

          -Raylund

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.