pfSense 1.2.3 and DrayTek 2710n

I'm trying to set up a multi-site VPN using pfSense in a data center connected to 12 branches, each with a DrayTek 2710n. I have no problems creating the VPN tunnels. The issue is, when a DrayTek is rebooted, the tunnel is re-established but no traffic passes. The only way to get traffic to flow again is to reboot pfSense (or restart racoon). Interestingly, if you 'Drop' the connection from the DrayTek, it is promptly re-established without a problem (presumably it sends something to pfSense which causes it to re-establish the connection properly). Anyone got any clues?

  • More info… If I delete the old SAs, traffic starts to flow. It seems if you delete a new SA, pfSense creates another new pair. If you delete an old SA, it doesn't care. So it seems to know which the new SAs are, but chooses to use the old ones. Note I've fiddled with the Advanced option 'Prefer old SAs' to no avail. Seems like a bug. A forced 'Drop' from a DrayTek causes the correct (new) SAs to be used, but a 'disconnect' does not. Hope someone can help - otherwise I'll have to buy some fancy DrayTek to replace pfSense - and I much prefer pfSense :)

  • Update: It seems if I set the phase 2 expiry to its minimum (10 min), dead tunnels are resurrected after 10 min or so. Hardly ideal. Anyone else got any ideas?

  • If I were you, I would try ver 2.0 RC3.
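The stale-SA symptom described in the second post (old SAs still used after the peer reboots, traffic flows once they are deleted) can be checked from the shell. This added Python script is not from the thread: it parses `setkey -D` output, keeps the newest SA per peer pair and protocol, and lists the older duplicates together with the setkey(8) delete statements an operator would review before applying. The addresses, SPIs and sample output are constructed.

```python
import re
from collections import defaultdict
# Constructed sample of `setkey -D` output (not from the poster's system): two ESP
# SAs per direction; the older pair (diff 900 s) is what racoon keeps using.
SAMPLE = """\
203.0.113.10 198.51.100.20
\tesp mode=tunnel spi=16909060(0x01020304) reqid=0(0x00000000)
\tdiff: 900(s)\thard: 3600(s)\tsoft: 2880(s)
198.51.100.20 203.0.113.10
\tesp mode=tunnel spi=33752069(0x02030405) reqid=0(0x00000000)
\tdiff: 900(s)\thard: 3600(s)\tsoft: 2880(s)
203.0.113.10 198.51.100.20
\tesp mode=tunnel spi=50595078(0x03040506) reqid=0(0x00000000)
\tdiff: 30(s)\thard: 3600(s)\tsoft: 2880(s)
198.51.100.20 203.0.113.10
\tesp mode=tunnel spi=67438087(0x04050607) reqid=0(0x00000000)
\tdiff: 30(s)\thard: 3600(s)\tsoft: 2880(s)
"""

ADDR_RE = re.compile(r"^(\S+) (\S+)$")                 # unindented "src dst" line
SPI_RE = re.compile(r"^\s+(esp|ah) mode=\S+ spi=\d+\((0x[0-9a-f]+)\)")
DIFF_RE = re.compile(r"^\s+diff: (\d+)\(s\)")          # seconds since SA creation

def parse_sas(text):
    """Return one dict per SA (src, dst, proto, spi, age) from setkey -D text."""
    sas, cur = [], None
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:  # a new address pair starts a new SA entry
            cur = {"src": m.group(1), "dst": m.group(2)}
            sas.append(cur)
        elif cur and (m := SPI_RE.match(line)):
            cur["proto"], cur["spi"] = m.group(1), m.group(2)
        elif cur and (m := DIFF_RE.match(line)):
            cur["age"] = int(m.group(1))
    return sas

def stale_sas(sas):
    """Keep the newest SA per (src, dst, proto); return the older duplicates."""
    groups = defaultdict(list)
    for sa in sas:
        groups[(sa["src"], sa["dst"], sa["proto"])].append(sa)
    stale = []
    for group in groups.values():
        newest = min(group, key=lambda s: s["age"])
        stale += [s for s in group if s is not newest]
    return stale

def delete_commands(stale):
    """setkey(8) 'delete' statements to review, then feed to `setkey -c`."""
    return ["delete %s %s %s %s;" % (s["src"], s["dst"], s["proto"], s["spi"]) for s in stale]
```

Run it against real output with `setkey -D | python3 stale_sa.py` after replacing `SAMPLE` with `sys.stdin.read()`; the delete lines remove only the older SA of each duplicated pair, which is what the poster found restores traffic.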

