<![CDATA[IPsec tunnels passing no traffic showing green in status DPD]]>Just wondering if anyone else has come across this problem before. Running Pfsense 2.0.1 on 14 sites.

Each site is setup with all default values, the only information I have filled in was the hostname and preshared key. Phase 2 is the same only information that is filled in is the network subnet and the IP address to ping (I used the remote sides internal PFsense box ip here). Works fantastic when up.

So far I have had a few drops in where PFsense has no idea that the tunnel is actually dropped. Status shows green with no mention of any problems in the logs regarding the tunnel or DPD actually doing anything.

I have DPD setup with all default values 10 seconds, 5 retry. How long does this actually take to detect a problem?

These sites are connected with pretty reliable internet connections that rarely go down, most are even static sites. Is there better settings that could be used?

When I reset the IPsec services on the device all seems to be restored. I have been doing this though a public IP port forward for testing. On each side it still shows green minutes after the connection goes down.

I have done some googling and have come up with switching to main mode vs aggressive, disabling NAT-T and DPD. Has anyone had any luck with these suggestions?

]]>https://forum.netgate.com/topic/45264/ipsec-tunnels-passing-no-traffic-showing-green-in-status-dpdRSS for NodeMon, 13 Apr 2026 23:51:17 GMTThu, 24 May 2012 01:48:26 GMT60<![CDATA[Reply to IPsec tunnels passing no traffic showing green in status DPD on Thu, 19 Jul 2012 09:02:36 GMT]]>PFSENSE, NANOBSD, 2.0.1
I had the same problem, IPSEC tunnel was establised, all green, no traffic goes through.
When you look at SAD, SAD (Status,Ipsec, SAD)shows me multiple connections.
I think, the reason are short interrupts, Phase1 does not recognise the break, stays established, but Phase2 opens a new connection.
But this does not work.
My solution:
Change Mode from aggressive to main on both sides. (even with dynamic IPs)

]]>https://forum.netgate.com/post/347645https://forum.netgate.com/post/347645Thu, 19 Jul 2012 09:02:36 GMT<![CDATA[Reply to IPsec tunnels passing no traffic showing green in status DPD on Wed, 13 Jun 2012 19:16:32 GMT]]>@themixer:

These sites are connected with pretty reliable internet connections that rarely go down, most are even static sites. Is there better settings that could be used?

What is your setting of "Prefer older IPsec SAs" (System -> Advanced -> Miscellaneous -> IPsec) ?

Are you running PPTP server on the same machine ?

]]>https://forum.netgate.com/post/341670https://forum.netgate.com/post/341670Wed, 13 Jun 2012 19:16:32 GMT<![CDATA[Reply to IPsec tunnels passing no traffic showing green in status DPD on Tue, 12 Jun 2012 13:51:37 GMT]]>Have you put Firewall rules in to allow traffic over the IPSec Interface at each site? I had this same issue the first time I set up IPSec tunnels with pfSense and it took a while to realize what needed to be done.


Seth

]]>https://forum.netgate.com/post/341360https://forum.netgate.com/post/341360Tue, 12 Jun 2012 13:51:37 GMT<![CDATA[Reply to IPsec tunnels passing no traffic showing green in status DPD on Mon, 28 May 2012 12:46:11 GMT]]>Anyone?

]]>https://forum.netgate.com/post/338744https://forum.netgate.com/post/338744Mon, 28 May 2012 12:46:11 GMT