Netgate Discussion Forum
    Configuring lifebyte parameter

    Category: IPsec

      2tt

      Hi everybody.

      I have the typical problem with a tunnel from a pfSense 1.2.3 to a Cisco Router.

      In the Cisco side they have configured a lifetime of 4608000 bytes, but I can not configure this parameter in the originating pfSense. Phase 1 and Phase 2 lifetimes in seconds are correctly configured in both ends.

      The result is as expected, the tunnel works for 30-40 minutes until the encripted data reachs 4608000 bytes. In that moment the cisco sends a delete messages and the pfSense ignores it, sending data with the old SA that is discarted in the Cisco side.

      Can I manually introduce this lifebyte parameter in my pfSense?

      Thanks in advance.

      Juan Diego.

        2tt

        Hi again.

        After inspecting the racoon.conf definition, I found out that there is no lifetime in bytes. I suppose this is a compatibility issue between Cisco and other IPsec implementations.

        Best regards.

          cmb

          Yeah, you have to disable lifetimes in bytes or set it so high you'll never reach it in the lifetime in seconds.

            2tt

            Thanks a lot cmb.

            So you can manually introduce a lifetime in bytes in pfSense 1.2.3?

            I suppose the syntax is something like 'lifetime byte 50000 KB;', but I don't know how to introduce it into racoon.conf. It seems to be an automatically generated file, and I can't do it from the HTTP interface.

              2tt

              Oh, by the way,

              I have no access to the Cisco side, as it is configured by the technical staff of a customer, and they will not attend to me if I ask them to change any parameter of their server.

              I'm trying to set a value for DPD as low as 2 seconds, so the tunnel is renegotiated as soon as the peer is dead, but it does not seem to work.

              Thanks in advance for any suggestion.

              Juan Diego.

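The following is an added example, not code from the thread, from pfSense or from Netgate. It models the situation Juan Diego describes (one peer enforces a byte-based child SA lifetime, the other only a time-based one) and turns cmb's advice into a check: at a given traffic rate, which limit trips first on each side, how long the slower-expiring peer may keep using an SA the other peer has already deleted, and what local time-based lifetime would make the remote byte limit unreachable. It assumes a constant traffic rate, takes the 4608000 value from the thread as bytes, and uses a constructed rate of 2560 bytes/s (which reaches 4608000 bytes in 30 minutes, matching the 30-40 minutes reported). The class and function names are the example's own.

```python
"""Model an IPsec child SA whose two ends apply different lifetime limits.

Added example for the thread above; not part of pfSense or racoon. Numbers
marked 'constructed' are illustrative, not measurements.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class SaLifetime:
    """Lifetime limits one peer applies to a single child (phase 2) SA."""
    peer: str
    seconds: int                      # time-based lifetime, always present
    byte_limit: Optional[int] = None  # None: this peer enforces no byte limit


def seconds_until_byte_limit(lifetime_bytes: int, bytes_per_second: float) -> float:
    """Seconds until a byte-based lifetime trips at a sustained traffic rate."""
    if bytes_per_second <= 0:
        raise ValueError("traffic rate must be positive")
    return lifetime_bytes / bytes_per_second


def first_expiry(lt: SaLifetime, bytes_per_second: float) -> Tuple[str, float]:
    """Which of this peer's limits trips first at the given rate, and when."""
    if lt.byte_limit is None:
        return "time", float(lt.seconds)
    by_bytes = seconds_until_byte_limit(lt.byte_limit, bytes_per_second)
    if by_bytes < lt.seconds:
        return "bytes", by_bytes
    return "time", float(lt.seconds)


def check_pair(local: SaLifetime, remote: SaLifetime, bytes_per_second: float) -> dict:
    """Compare both ends of one SA.

    'later_peer' is the side whose SA outlives the other's. If that side ignores
    the other's delete (as the pfSense did in the thread), it keeps sending on a
    dead SA for up to 'blackhole_seconds', bounded by its own time lifetime.
    When the local side expires first it initiates the rekey itself, which is
    the safe orientation when the remote limit cannot be changed.
    """
    l_kind, l_at = first_expiry(local, bytes_per_second)
    r_kind, r_at = first_expiry(remote, bytes_per_second)
    later = None
    if l_at > r_at:
        later = local.peer
    elif r_at > l_at:
        later = remote.peer
    return {
        "local_first_limit": l_kind,
        "local_expires_at": l_at,
        "remote_first_limit": r_kind,
        "remote_expires_at": r_at,
        "remote_expires_first": r_at < l_at,
        "later_peer": later,
        "blackhole_seconds": abs(l_at - r_at),
    }


def recommend_local_time_lifetime(remote_byte_limit: int, peak_bytes_per_second: float,
                                  margin: float = 0.8) -> int:
    """Largest local time-based lifetime that still rekeys before the remote
    byte limit at the peak rate; margin < 1 leaves headroom for bursts."""
    if not 0 < margin <= 1:
        raise ValueError("margin must be in (0, 1]")
    return int(seconds_until_byte_limit(remote_byte_limit, peak_bytes_per_second) * margin)


if __name__ == "__main__":
    # Values from the thread: Cisco enforces 4608000 bytes; pfSense 1.2.3 has no byte limit.
    cisco = SaLifetime("Cisco", seconds=3600, byte_limit=4608000)
    pfsense = SaLifetime("pfSense", seconds=3600, byte_limit=None)
    rate = 2560.0  # constructed: reaches 4608000 bytes in 30 minutes

    print("as configured:", check_pair(pfsense, cisco, rate))
    safe = recommend_local_time_lifetime(cisco.byte_limit, rate)
    print("suggested pfSense phase 2 lifetime (s):", safe)
    print("after change:", check_pair(SaLifetime("pfSense", safe, None), cisco, rate))
```

With the thread's numbers the first check reports the Cisco expiring on bytes at 1800 s while the pfSense keeps its SA until 3600 s, a 1800 s window in which traffic is silently dropped if the delete is ignored. Shortening the pfSense phase 2 lifetime to 1440 s (80% of 1800) makes the pfSense the first to expire, so it drives the rekey and the Cisco byte counter is never reached at that rate; the margin has to be chosen against the real peak rate, since a burst reaches the byte limit sooner than the average suggests.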
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.