Configuring lifebyte parameter
-
Hi everybody.
I have the typical problem with a tunnel from a pfSense 1.2.3 to a Cisco Router.
On the Cisco side they have configured a lifetime of 4608000 bytes, but I cannot configure this parameter on the originating pfSense. Phase 1 and Phase 2 lifetimes in seconds are correctly configured on both ends.
The result is as expected: the tunnel works for 30-40 minutes until the encrypted data reaches 4608000 bytes. At that moment the Cisco sends a delete message and the pfSense ignores it, sending data with the old SA, which is discarded on the Cisco side.
Can I manually introduce this lifebyte parameter in my pfSense?
Thanks in advance.
Juan Diego.
-
Hi again.
After inspecting the racoon.conf definition, I found out that there is no lifetime in bytes. I suppose this is a compatibility issue with Cisco and other versions of IPsec.
Best regards.
-
Yeah, you have to disable lifetimes in bytes or set it so high you'll never reach it in the lifetime in seconds.
-
Thanks a lot cmb.
So you can manually introduce the lifetime in bytes in pfSense 1.2.3?
I suppose the grammar is like 'lifetime byte 50000 KB;' but I don't know how to introduce it in racoon.conf. It seems to be an automatically generated file and I can't do it from the HTTP interface.
-
Oh, by the way,
I have no access to the Cisco side, as it is configured by the technical staff of a customer, and they will not attend to me if I ask them to change any parameter of their server.
I'm trying to set a value for DPD as low as 2 seconds, so the tunnel is renegotiated as soon as the peer is dead, but it does not seem to work.
Thanks in advance for any suggestion.
Juan Diego.
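As an added example, not taken from the thread or from pfSense itself, here is a racoon.conf fragment in the shape pfSense 1.2.3 writes for a site-to-site tunnel, covering both cmb's point (the only lifetime racoon knows in either phase is `lifetime time`; the grammar's `lifetime byte` form is rejected by the parser as deprecated, so the byte limit has to be dealt with on the Cisco) and the DPD settings from the last post. The peer addresses, subnets, pre-shared-key path and algorithms are invented for illustration.

```conf
# Added example: racoon.conf as pfSense 1.2.3 generates it for a
# site-to-site tunnel. Addresses, subnets and algorithms are made up.
# Only "lifetime time" is accepted; "lifetime byte" fails at parse time,
# so a byte/kilobyte limit must be disabled or raised on the Cisco side.
path pre_shared_key "/var/etc/psk.txt";

remote 203.0.113.1 {
        exchange_mode main;
        my_identifier address 198.51.100.2;
        peers_identifier address 203.0.113.1;
        initial_contact on;
        support_proxy on;
        proposal_check obey;
        # Dead Peer Detection: probe every 2 s, retry after 1 s, declare the
        # peer dead after 3 unanswered probes. DPD only notices a peer that
        # stops answering IKE; it does not fire when a live Cisco deletes a
        # phase 2 SA because its byte counter ran out.
        dpd_delay 2;
        dpd_retry 1;
        dpd_maxfail 3;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 28800 sec;   # phase 1: match the Cisco ISAKMP policy
        }
}

sainfo address 192.168.1.0/24 any address 10.0.0.0/24 any {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
        pfs_group 2;
        lifetime time 3600 sec;            # phase 2: seconds only, no byte form
}
```

On the Cisco side the matching knob is `crypto ipsec security-association lifetime kilobytes <n>` (global) or `set security-association lifetime kilobytes <n>` in the crypto map; IOS counts in kilobytes, and 4608000 is its default. Following cmb's advice means either `kilobytes disable` (on IOS releases that accept that keyword, which is an assumption about the customer's release) or a value the tunnel cannot move within the `seconds` lifetime. When the Cisco side cannot be touched, as in the last post, the remaining lever is on the pfSense: lowering the phase 2 `lifetime time` below the interval at which the tunnel currently dies (20 minutes in the example above would be 1200 sec) makes racoon rekey and start a fresh SA, with a fresh byte counter on the Cisco, before the limit is reached; whether that holds depends on how much traffic the tunnel carries per lifetime.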