Configuring lifebyte parameter
I have the typical problem with a tunnel from a pfSense 1.2.3 to a Cisco Router.
On the Cisco side they have configured a lifetime of 4608000 bytes, but I cannot configure this parameter in the originating pfSense. Phase 1 and Phase 2 lifetimes in seconds are correctly configured on both ends.
The result is as expected: the tunnel works for 30-40 minutes until the encrypted data reaches 4608000 bytes. At that moment the Cisco sends a delete message and the pfSense ignores it, sending data with the old SA, which is discarded on the Cisco side.
Can I manually introduce this lifebyte parameter in my pfSense?
Thanks in advance.
After inspecting the racoon.conf definition, I found out that there is no lifetime in bytes. I suppose this is a compatibility issue with Cisco and other versions of IPsec.
cmb last edited by
Yeah, you have to disable lifetimes in bytes or set it so high you'll never reach it in the lifetime in seconds.
Thanks a lot cmb.
So you can manually introduce lifetime in bytes in pfsense 1.2.3?
I suppose the grammar is like 'lifetime byte 50000 KB;' but I don't know how to introduce it in racoon.conf. It seems to be an automatically generated file and I can't do it from the HTTP interface.
Oh, by the way,
I have no access to the Cisco side, as it is configured by the technical staff of a customer, and they will not attend to me if I ask them to change any parameter of their server.
I'm trying to set a value for DPD as low as 2 seconds, so the tunnel is renegotiated as soon as the peer is dead, but it does not seem to work.
Thanks in advance for any suggestion.